- WordPress Plugin Participants Database is prone to multiple vulnerabilities, including arbitrary file upload and cross-site request forgery vulnerabilities. A successful exploit may allow an attacker to upload arbitrary code and run it in the context of the webserver process, which may facilitate unauthorized access or privilege escalation, or to perform certain administrative actions; other attacks are also possible. WordPress Plugin Participants Database version 18.104.22.168 is vulnerable; prior versions may also be affected.
- Update to plugin version 22.214.171.124 or latest
- WordPress Plugin WP RSS Aggregator Unspecified Vulnerability (4.8.2)
- WordPress Plugin eHive Object Details Cross-Site Scripting (2.1.6)
- WordPress Plugin WPtouch Mobile Security Bypass (3.4.2)
- WordPress Plugin Autoptimize Multiple Vulnerabilities (2.1.0)
- WordPress Plugin Gallery by BestWebSoft 'php.php' Arbitrary File Upload (3.06)