• WordPress Plugin Simply Static is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Simply Static version 1.6.2 is vulnerable; prior versions may also be affected.

• Update to plugin version 1.6.3 or latest

• • https://www.pluginvulnerabilities.com/2016/10/11/vulnerability-details-arbitrary-file-viewing-vulnerability-in-simply-static/
  • https://wordpress.org/plugins/simply-static/changelog/

• 

• CWE-22

• Missing Update Information Disclosure

• WordPress Plugin Backlink Rechecker Multiple Cross-Site Scripting Vulnerabilities (1.2.1)
• WordPress Plugin GD bbPress Attachments Cross-Site Scripting (2.5)
• WordPress Plugin MiniMax-Page Layout Builder Cross-Site Scripting (1.3.4)
• WordPress Plugin WassUp Real Time Analytics Unspecified Vulnerability (1.7.2)
• WordPress Plugin Two-Factor Authentication-Clockwork SMS Cross-Site Scripting (1.0.3)