• WordPress Plugin Theme My Login is prone to a local file inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Theme My Login version 6.3.9 is vulnerable; prior versions may also be affected.

• Update to plugin version 6.3.10 or latest

• • https://security.dxw.com/advisories/lfi-in-theme-my-login/
  • http://packetstormsecurity.com/files/127302/WordPress-Theme-My-Login-6.3.9-Local-File-Inclusion.html
  • http://seclists.org/fulldisclosure/2014/Jun/172
  • http://secunia.com/advisories/59620/
  • https://wordpress.org/plugins/theme-my-login/changelog/

• 

• CVE-2014-5155

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Missing Update File Inclusion

• WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8)
• WordPress Plugin WP Live Chat Support Cross-Site Scripting (8.0.05)
• WordPress Plugin Supafolio Multiple Unspecified Vulnerabilities (2.1.0)
• WordPress Plugin GD Rating System Multiple Vulnerabilities (2.3)
• WordPress 4.6.x Denial of Service Vulnerability (4.6 - 4.6.10)