- WordPress Plugin User registration & user profile-Profile Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the password of arbitrary users. WordPress Plugin User registration & user profile-Profile Builder version 1.1.59 is vulnerable; prior versions may also be affected.
- Update to plugin version 1.1.60 or latest
- WordPress Plugin WooCommerce Instamojo Cross-Site Scripting (0.0.6)
- WordPress Plugin Share Buttons Cross-Site Scripting (1.3.1)
- WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2)
- WordPress Plugin GigPress 'Notes' Field HTML Injection (2.1.10)
- WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.7.0)