• WordPress Plugin WP Forum Server is prone to an SQL injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WP Forum Server version 1.7.3 is vulnerable; prior versions may also be affected.

• Update to plugin version 1.7.5 or latest

• • http://www.securityfocus.com/bid/53530/exploit
  • http://packetstormsecurity.com/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html
  • http://secunia.com/advisories/49167/
  • http://secunia.com/advisories/49155/

• 

• CVE-2012-6622

  CVE-2012-6623

  CVE-2012-6625

• CWE-79

  CWE-89

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

• Missing Update SQL Injection XSS

• WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)
• Drupal Core 6.x Security Bypass (6.0 - 6.35)
• WordPress Plugin JS MultiHotel Cross-Site Scripting (2.2.1)
• WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
• Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)