- WordPress Plugin Simple Login Log is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin Simple Login Log version 0.9.3 is vulnerable; prior versions may also be affected.
- Update to plugin version 0.9.4 or latest
- WordPress Plugin Latest Posts by BestWebSoft Cross-Site Scripting (0.2)
- WordPress Plugin Custom Login Cross-Site Scripting (3.2)
- WordPress Plugin Injectbody Spam Injection (All)
- Joomla! Core 3.3.x Security Bypass (3.3.0 - 3.3.3)
- WordPress Plugin Omni Secure Files 'upload.php' Arbitrary File Upload (0.1.13)