• WordPress Plugin Easy Forms for MailChimp is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Easy Forms for MailChimp version 6.0.5.5 is vulnerable; prior versions may also be affected.

• Update to plugin version 6.1 or latest

• • https://sumofpwn.nl/advisory/2016/easy_forms_for_mailchimp_local_file_inclusion_vulnerability.html
  • https://packetstormsecurity.com/files/137879/WordPress-Easy-Forms-For-MailChimp-6.0.5.5-Local-File-Inclusion.html
  • https://wordpress.org/plugins/yikes-inc-easy-mailchimp-extender/changelog/

• 

• CWE-22

• Missing Update File Inclusion

• WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4)
• WordPress Plugin UpdraftPlus Backup and Restoration Cross-Site Scripting (1.9.63)
• WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)
• Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.9)
• WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)