- WordPress Plugin WP-Lytebox is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed to the "pg" parameter in wp-lytebox/main.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin WP-Lytebox version 1.3 is vulnerable; other versions may also be affected.
- Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
- WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (7.1.12)
- WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.7)
- WordPress Plugin WC Marketplace Unspecified Vulnerability (2.1.2)
- WordPress Plugin CWIS-Antivirus Security Scanner Unspecified Vulnerability (2.3.2)
- WordPress Plugin DSubscribers SQL Injection (1.2)