• WordPress Plugin Simple Ads Manager is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Simple Ads Manager version 2.10.0.130 is vulnerable; prior versions may also be affected.

• Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

• • https://www.pluginvulnerabilities.com/2016/10/28/local-file-inclusion-lfi-vulnerability-in-simple-ads-manager/
  • http://portfob.ru/security-time/0day-exploit-for-wordpress-plugins-simple-ads-manager-sam-pro-lite-sam-pro-free-edition/

• 

• CWE-22

• Missing Update File Inclusion

• WordPress Plugin Skype Legacy Buttons Multiple Vulnerabilities (3.0.4)
• WordPress Plugin Facebook Button by BestWebSoft Cross-Site Request Forgery (2.13)
• WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)
• Apache Tomcat version older than 5.5.26
• WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)