• WordPress Plugin Eventify-Simple Events is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Eventify-Simple Events version 1.7.g is vulnerable; prior versions may also be affected.

• Update to plugin version 1.7.h or latest

• • http://plugins.trac.wordpress.org/changeset/441308/eventify/trunk/php/ajax/fetcheventdetails.php?old=434868&old_path=eventify%2Ftrunk%2Fphp%2Fajax%2Ffetcheventdetails.php
  • http://secunia.com/advisories/46345

• 

• CWE-94

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Missing Update File Inclusion

• WordPress Plugin Fusion:Extension-Menu Multiple Unspecified Vulnerabilities (1.0.2)
• WordPress Plugin Bitcoin Faucet Cross-Site Scripting (1.0.12)
• Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4)
• WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4)
• WordPress Plugin Portfolio Cross-Site Request Forgery (1.0)