- WordPress Plugin Spicy Blogroll is prone to a local file include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process; this may aid in launching further attacks. WordPress Plugin Spicy Blogroll version 1.0.0 is vulnerable; other versions may also be affected.
- Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
- WordPress Plugin User Control SQL Injection (2.1.0)
- WordPress Plugin PIKLIST-Rapid development framework Cross-Site Scripting (0.9.4.25)
- WordPress Plugin Users Ultra Membership Multiple Vulnerabilities (1.5.62)
- WordPress Plugin Jetpack by WordPress.com Cross-Site Scripting (6.4.2)
- WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)