• WordPress Plugin Posts in Page is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Posts in Page version 1.2.4 is vulnerable; prior versions may also be affected.

• Update to plugin version 1.3.0 or latest

• • https://www.pluginvulnerabilities.com/2017/02/13/authenticated-local-file-inclusion-lfi-vulnerability-in-posts-in-page/
  • https://wordpress.org/plugins/posts-in-page/changelog/

• 

• CWE-22

• Missing Update File Inclusion

• WordPress Plugin Social Essentials-Social Stats and Sharing Buttons Cross-Site Scripting (1.3.1)
• WordPress Plugin WP Fastest Cache Cross-Site Scripting (0.8.5.5)
• WordPress Plugin Dean's FCKEditor with pwwang's code Arbitrary File Upload (1.0.0)
• Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.3)
• Joomla! Core 2.5.x SQL Injection (2.5.0 - 2.5.1)