- WordPress Plugin Mini Mail Dashboard Widget is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Mini Mail Dashboard Widget version 1.36 is vulnerable; prior versions may also be affected.
- Update to plugin version 1.37 or latest
- WordPress Plugin Easy MailChimp Forms Cross-Site Scripting (5.0.6)
- WordPress Plugin Autoship Cloud PHP Object Injection (1.0.13)
- WordPress Plugin Facebook Promotion Generator for WordPress Multiple Cross-Site Scripting Vulnerabilities (1.3.4)
- WordPress Plugin cformsII Arbitrary File Upload (14.7)
- WordPress Plugin Image Gallery-Responsive Photo Gallery Multiple Unspecified Vulnerabilities (1.9.58)