• WordPress Plugin MyPixs is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin MyPixs version 0.3 is vulnerable; prior versions are also affected.

• Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

• • http://www.vapidlabs.com/advisory.php?v=154

• 

• CVE-2015-1000012

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Missing Update File Inclusion

• WordPress Plugin Garee's Flickr Feed Multiple Cross-Site Scripting Vulnerabilities (0.8)
• WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)
• WordPress Plugin Google Maps Cross-Site Scripting (2.1.3)
• WordPress Plugin WP Google Maps Cross-Site Scripting (6.3.14)
• WordPress Plugin Breezing Forms SQL Injection (1.2.7.30)