• WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.

• Update to the latest version

• • http://www.securityfocus.com/bid/26743/exploit
  • http://www.exploit-db.com/exploits/4695/
  • http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
  • http://secunia.com/advisories/27962/

• 

• CVE-2007-6369

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Missing Update File Inclusion

• WordPress Plugin Pym.js Embeds Cross-Site Scripting (1.3.2)
• WordPress Plugin WPMovieLibrary Multiple Cross-Site Scripting Vulnerabilities (2.1.4.1)
• WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3)
• Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.26)
• WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Cross-Site Scripting (3.3.17)