• WordPress Plugin FireStats is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin FireStats version 1.6.1 is vulnerable; prior versions may also be affected.

• Update to plugin version 1.6.2 or latest

• • http://www.securityfocus.com/bid/35367/exploit
  • http://packetstormsecurity.com/files/view/78366/firestats-rfi.txt
  • http://secunia.com/advisories/35400/

• 

• CVE-2009-2143

• CWE-94

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Missing Update File Inclusion

• WordPress Plugin WooCommerce Unspecified Vulnerability (3.5.3)
• WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.8.9.5)
• WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)
• WordPress Plugin Evarisk 'ajax.php' SQL Injection (5.1.3.6)
• WordPress Plugin Advanced Custom Fields Cross-Site Scripting (4.4.3)