Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs.
Some of these examples are a security risk and should not be deployed on a production server.
The Sessions Example servlet (installed at /examples/servlets/servlet/SessionExample) allows session manipulation. Because the session is global this servlet poses a big security risk as an attacker can potentitally become an administrator by manipulating its session.
Disable public access to the examples directory.
WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder Security Bypass (7.8.7)
WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Privilege Escalation (2.3.3)
WordPress Plugin SendPress Newsletters Security Bypass (220.127.116.11)
WordPress Plugin Pctags-Pinterest conversion tags for Pinterest Ads (advertising) + Event tracking + Site verification + WooCommerce Security Bypass (1.0.1)