Application: WordPress
Affected Version: version 0.4.1 and other versions
Vendor’s URL: cdnvote Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 2.9.23 and prior versions
Vendor’s URL: Comment Rating Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.9.24.

Content Management, SQL Injection

Application: Joomla!
Affected Version: versions prior to 1.5.7.7
Vendor’s URL: JCE Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.5.7.7.

Content Management, File Inclusion

Application: Joomla!
Affected Version: versions prior to 1.0.1.
Vendor’s URL: People Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.1.

Content Management, SQL Injection

Application: Joomla!
Affected Version: version 1.6.2 and other version
Vendor’s URL: Kunena Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.3.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.6.1 and other versions
Vendor’s URL: WP Forum Server Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: WordPress Enable Media Replace Plugin
Affected Version: version 2.3 and other versions.
Vendor’s URL: Enable Media Replace Plugin
Bug Type: SQL Injection and System Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Grant the “Author” role to trusted users only.

Access Bypass, Content Management, SQL Injection

Application: Drupal
Affected Version: versions prior to 6.x-2.8.
Vendor’s URL: Droptor Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 6.x-2.8 or later.

Content Management, SQL Injection

Application: Serendipity
Affected Version: bundled version of Xinha.
Vendor’s URL: Serendipity Xinha
Bug Type: Cross-Site Scripting and File Upload
Risk Level: Critical

Solution:
Update to version 1.5.5.
Original Advisory

http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html

Content Management, Cross Site Scripting, File Inclusion

Application: VirtueMart
Affected Version: version 1.1.6 and other versions.
Vendor’s URL: VirtueMart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply patch.

E-Commerce, SQL Injection

Application: Simple Web Content Management System
Affected Version: version downloaded on 2011-02-01 and other versions.
Vendor’s URL: Simple Web Content Management System
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to admin/item_delete.php (e.g. via .htaccess).

Access Bypass, Content Management, SQL Injection

Application: Joomla!
Affected Version: version 3.4.1
Vendor’s URL: Frontend-User-Access
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.4.2.

Content Management, File Inclusion