Description
WordPress Plugin Ruben Boelinger wordTube is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Ruben Boelinger wordTube version 1.43 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.44 or latest
References
http://www.securityfocus.com/bid/23737/exploit
http://www.securityfocus.com/archive/1/467362
Related Vulnerabilities
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)
WordPress Plugin Google Maps CP Cross-Site Scripting (1.0.3)
Joomla! Core Multiple Vulnerabilities (2.5.0 - 3.8.12)
WordPress Plugin WatchMan-Site7 Cross-Site Request Forgery (3.0.2)
WordPress Plugin No Page Comment Multiple Vulnerabilities (1.1)