• WordPress Plugin Theme Tuner is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Theme Tuner version 0.7 is vulnerable; prior versions may also be affected.

• Update to plugin version 0.8 or latest

• • http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/
  • http://secunia.com/advisories/47722/

• 

• CVE-2012-0934

• CWE-94

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Missing Update File Inclusion

• WordPress Plugin DS.DownloadList PHP Object Injection (1.2)
• WordPress 4.7.x Denial of Service Vulnerability (4.7 - 4.7.9)
• WordPress Plugin Real3D FlipBook Multiple Vulnerabilities (2.18.8)
• WordPress 4.6.x Denial of Service Vulnerability (4.6 - 4.6.10)
• WordPress Plugin MarketPress-WordPress eCommerce PHP Object Injection (3.2.6)