Application: Joomla!
Affected Version: version 2.0 and other versions
Vendor’s URL: BookLibrary Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
The vendor has released an updated version 2.0, which fixes the vulnerability.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 0.5.2 and other versions.
Vendor’s URL: PHP Speedy Plugin
Bug Type: Cross-Site Scripting and Remote File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised and verified.
Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: version 1.5.2 and other versions
Vendor’s URL: BackWPup Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 1.7.8 and other versions.
Vendor’s URL: WP Forum
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: versions 3.0.4 and 2.2 and other versions.
Vendor’s URL: XCloner Component
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: Joomla!
Affected Version: from February 21st, 2011 to February 23rd, 2011 in version 1.2.10.
Vendor’s URL: Xmap Component
Bug Type: Packages compromise
Risk Level: Critical
Solution:
Update to a fixed version 1.2.10 or later.
Content Management
Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: jQuery Mega Menu Widget Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 1.1.
Content Management, Information Disclosure
Application: WordPress
Affected Version: version 2.2.1 and other versions
Vendor’s URL: OPS Old Post Spinner Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, Information Disclosure
Application: WordPress
Affected Version: version 3.0.1
Vendor’s URL: IWantOneButton Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting, SQL Injection