Application: WordPress
Affected Version: version 3.8.6 and prior versions.
Vendor’s URL: WordFence Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.7.

Content Management, Cross Site Scripting

Application: Joomla!
Affected Version: version 1.0.8 and prior versions.
Vendor’s URL: Sexy Polling Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, SQL Injection

Application: Drupal
Affected Version: 6.x versions prior to 6.30 and 7.x versions prior to 7.26.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

Application: Drupal
Affected Version: versions 7.x-1.2 and 7.x-1.3.
Vendor’s URL: Anonymous Posting Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 7.x-1.4.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: version 1.0.
Vendor’s URL: Let Them Unsubscribe Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management

Application: InstantCMS
Affected Version: versions 1.10.3 and prior.
Vendor’s URL: InstantCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply patch.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.3 and other versions.
Vendor’s URL: FormCraft Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 2.5.8 and other versions.
Vendor’s URL: Download Manager Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version:
Vendor’s URL: Blooog Theme jPlayer
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: CMS Made Simple
Affected Version: version 1.11.9 and other versions.
Vendor’s URL: CMS Made Simple
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: version 2.2.1 and other versions
Vendor’s URL: JS Hotel Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: versions prior to 0.983.
Vendor’s URL: S3 Video Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 0.983.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: versions prior to 1.9.2.
Vendor’s URL: Broken Link Checker Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 1.9.2.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: versions prior to 1.6.
Vendor’s URL: OptimizePress Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.6.

Content Management, File Inclusion

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Advanced Dewplayer Plugin
Bug Type: Access Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.12.

Cross Site Scripting, Discussion Boards, SQL Injection

Application: WordPress
Affected Version: version 2.0.2 and other versions.
Vendor’s URL: Recommend to a friend Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: Joomla!
Affected Version: versions prior to 3.0.11.
Vendor’s URL: Projectfork Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.0.11.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 0.4.3 and prior version
Vendor’s URL: FunCaptcha Plugin
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Update to version 0.4.4.

Content Management, Cross Site Scripting

Application: Drupal
Affected Version: versions prior to 7.x-1.12.
Vendor’s URL: EU Cookie Compliance Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 7.x-1.12.

Content Management, Cross Site Scripting