• WordPress Plugin WordPress Ad Widget is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WordPress Ad Widget version 2.11.0 is vulnerable; prior versions may also be affected.

• Update to plugin version 2.12.0 or latest

• • http://seclists.org/fulldisclosure/2017/Oct/17
  • https://packetstormsecurity.com/files/144553/WordPress-Ad-Widget-2.10.0-Local-File-Inclusion.html
  • https://plugins.trac.wordpress.org/changeset/1628751/ad-widget

• 

• CWE-22

• Missing Update File Inclusion

• WordPress Plugin AdRotate 'title' Parameter Multiple Cross-Site Scripting Vulnerabilities (3.7.3.5)
• Joomla! Core Multiple Vulnerabilities (1.5.0 - 3.8.11)
• WordPress Plugin FoxyPress 'uploadify.php' Arbitrary File Upload (0.4.2.1)
• WordPress Plugin BuddyBoss Media Cross-Site Scripting (3.0.3)
• WordPress Plugin Cherry Multiple Vulnerabilities (1.2.6)