- WordPress Plugin WP Forum Server is prone to an SQL injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WP Forum Server version 1.7.3 is vulnerable; prior versions may also be affected.
- Update to plugin version 1.7.5 or latest
CVE-2012-6622 CVE-2012-6623 CVE-2012-6625
- WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)
- Drupal Core 6.x Security Bypass (6.0 - 6.35)
- WordPress Plugin JS MultiHotel Cross-Site Scripting (2.2.1)
- WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
- Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)