- WordPress Plugin Ultimate Member-User Profile & Membership is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Ultimate Member-User Profile & Membership version 1.3.64 is vulnerable; prior versions may also be affected.
- Update to plugin version 1.3.65 or latest
- WordPress Plugin Tera Charts Cross-Site Scripting (1.0)
- WordPress Plugin WP Symposium Cross-Site Scripting (13.02)
- WordPress Plugin S3 Video Cross-Site Scripting (0.982)
- WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Multiple Cross-Site Scripting Vulnerabilities (2.9.21)
- Apache version older than 1.3.39