- WordPress Plugin Service Finder-Provider and Business Listing is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin Service Finder-Provider and Business Listing version 3.0 is vulnerable; prior versions may also be affected.
- Update to plugin version 3.2 or latest
- WordPress Plugin Images Lazyload and Slideshow Cross-Site Scripting (3.2)
- WordPress Plugin CMS Tree Page View Cross-Site Scripting (1.2.31)
- WordPress Plugin dwnldr Cross-Site Scripting (1.0)
- WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)
- WordPress Plugin Olevmedia Shortcodes Cross-Site Scripting (1.1.8)