• WordPress Plugin Nmedia MailChimp Widget is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Nmedia MailChimp Widget version 3.1 is vulnerable; prior versions may also be affected.

• Update to plugin version 3.2 or latest

• • http://ceriksen.com/2012/06/21/wordpress-nmedia-mailchimp-widget-abs_path-remote-file-inclusion-vulnerability/
  • http://secunia.com/advisories/49538/

• 

• CWE-94

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Missing Update File Inclusion

• WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2)
• WordPress Plugin Nginx Helper Cross-Site Scripting (1.8.9)
• WordPress Plugin BuddyPress Security Bypass (2.3.4)
• WordPress Plugin Levo Slideshow Multiple Vulnerabilities (2.3)
• WordPress 3.4 Multiple Vulnerabilities (3.4 - 3.4)