WordPress Plugin WP-DBManager is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. An attacker can exploit this issue to download the 'wp-config.php' script. This may allow attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin WP-DBManager version 2.60 is vulnerable; prior versions may also be affected.
Update to plugin version 2.61 or latest
WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Cross-Site Scripting (1.7.18)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.39)
WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)
WordPress Plugin NextScripts:Social Networks Auto-Poster Unspecified Vulnerability (4.3.2)
WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)