• WordPress Plugin NextGEN Gallery-WordPress Gallery is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin NextGEN Gallery-WordPress Gallery version 2.1.56 is vulnerable; prior versions may also be affected.

• Update to plugin version 2.1.60 or latest

• • http://www.kb.cert.org/vuls/id/346175
  • https://www.pluginvulnerabilities.com/2016/12/07/wpscan-vulnerability-databases-data-can-leave-you-unaware-that-you-are-still-vulnerable/
  • https://wordpress.org/plugins/nextgen-gallery/changelog/

• 

• CVE-2016-6565

• CWE-22

• Missing Update File Inclusion

• Joomla! Core Cross-Site Scripting (1.5.0 - 3.7.3)
• WordPress Plugin podPress Cross-Site Scripting (8.8.10.13)
• WordPress Plugin Co-Authors Plus Multiple Unspecified Vulnerabilities (3.1.2)
• WordPress Plugin HDInvoice-Create Invoices Arbitrary File Upload (0.1)
• WordPress Plugin WP Easy Post Types Cross-Site Scripting (1.4.3)