Application: WordPress
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: Frontier Post Plugin
Bug Type: Security Bypass
Risk Level: Critical
Solution:
The vendor has released a fix. However, the fix is not effective. No official solution is currently available.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 1.4.7 and other versions.
Vendor’s URL: Spider Catalog Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: versions prior to 2.0.
Vendor’s URL: SS Quiz Plugin
Bug Type: -
Risk Level: Critical
Solution:
Upgrade to version 2.0.
Content Management
Application: WordPress
Affected Version: versions 1.6 and 2.0 and other versions.
Vendor’s URL: Video Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.1.
Content Management, SQL Injection
Application: WordPress
Affected Version: versions prior to 0.5.3.
Vendor’s URL: WP Print Friendly Plugin
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 0.5.3.
Access Bypass, Content Management
Application: Joomla!
Affected Version: version 2.3.2 and other versions.
Vendor’s URL: DJ-Classifieds Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, SQL Injection
Application: YaBB
Affected Version: version 2.5.2.
Vendor’s URL: YaBB
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Fixed in the SVN repository.
Discussion Boards, File Inclusion
Application: WordPress
Affected Version: versions prior to 0.5.
Vendor’s URL: open-flash-chart-core Plugin
Bug Type: Access Bypass
Risk Level: Critical
Solution:
Update to version 0.5.
Access Bypass, Content Management
Application: MediaWiki
Affected Version: versions prior to 1.20.4 and 1.19.5.
Vendor’s URL: MediaWiki
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 1.20.4 or 1.19.5.
Access Bypass, Content Management
Application: WordPress
Affected Version: versions prior to 1.06.09.
Vendor’s URL: Formidable Pro Plugin
Bug Type: -
Risk Level: Critical
Solution:
Update to version 1.06.09.
Content Management
Application: phpVMS
Affected Version: version 2.0 and other versions.
Vendor’s URL: PopUpNews Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: FAQs Manager Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: version 1.0.0 Rev 11 and other versions.
Vendor’s URL: RSFiles! Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 3.8 and prior versions.
Vendor’s URL: LeagueManager Plugin
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical
Solution:
Update to version 3.8.1.
Access Bypass, Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: MailUp Plugin
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.3.3.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 5.3.5 and prior versions.
Vendor’s URL: Events Manager Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution:
Update to version 5.3.6.
Content Management, Cross Site Scripting
Application: WordPress
Affected Version: version 1.0.4 and other versions.
Vendor’s URL: Uploader Plugin
Bug Type: Cross-Site Scripting & File Upload
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, Cross Site Scripting, File Inclusion
Application: Joomla!
Affected Version: versions prior to 1.6.8.
Vendor’s URL: Virtuemart 2 Multiple Customfields Filter Module
Bug Type:
Risk Level: Critical
Solution:
Update to version 1.6.8.
Content Management
Application: WordPress
Affected Version: version 2.9.32 and other versions.
Vendor’s URL: Comment Rating Plugin
Bug Type: Security Bypass & SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Access Bypass, Content Management, SQL Injection
Application: CubeCart
Affected Version: version 5.2.0 and prior versions.
Vendor’s URL: CubeCart
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 5.2.1.
Access Bypass, E-Commerce