WordPress Plugin jRSS Widget is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin jRSS Widget version 1.1.1 is vulnerable; other versions may also be affected.
Update to plugin version 1.2 or latest
WordPress Plugin Easy Filter SQL Injection (1.5)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.8.3)
WordPress Plugin Facebook for WordPress Cross-Site Request Forgery (3.0.3)
WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.36)
WordPress Plugin Profile Builder-User Profile & User Registration Forms Multiple Cross-Site Scripting Vulnerabilities (1.1.65)