Application: WordPress
Affected Version: version 1.0.9 and other versions.
Vendor’s URL: Universal Post Manager Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: WP-StarsRateBox Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

Application: MyBB
Affected Version: version 1.6.2 and version 1.4.15 and other versions.
Vendor’s URL: MyBB
Bug Type: Information Disclosure and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.3 or 1.4.16.

Discussion Boards, Information Disclosure, SQL Injection

Application: Joomla!
Affected Version: version 1.6.0 and 1.6.1 and other versions.
Vendor’s URL: Joomla!
Bug Type: Cross Site Scripting, Security Bypass, SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.2.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

Application: EZ-Shop
Affected Version: version 1.0.2 and other versions.
Vendor’s URL: EZ-Shop
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

E-Commerce, SQL Injection

Application: PHP Album
Affected Version: version 0.4.1.14.fix06 and other versions.
Vendor’s URL: PHP Album
Bug Type: Cross Site Scripting and system access
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Access Bypass, Cross Site Scripting, Image Galleries

Application: TinyBB
Affected Version: version 1.4 released before April 11th 2011.
Vendor’s URL: TinyBB
Bug Type: SQL Injection
Risk Level: Critical

Solution:
The vendor has released an updated version 1.4 on April 11th, 2011, which fixes the vulnerability.

Discussion Boards, SQL Injection

Application: vBulletin
Affected Version: all versions of vBulletin 4.X
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade to the latest patch.

Content Management, SQL Injection

Application: WordPress
Affected Version: versions prior to 3.1.1.
Vendor’s URL: WordPress
Bug Type: Cross-Site Scripting and Denial of Service
Risk Level: Critical

Solution:
Update to version 3.1.1.

Content Management, Cross Site Scripting, Denial Of Service

Application: Joomla!
Affected Version: versions prior to 1.5.
Vendor’s URL: FLEXIcontent Component
Bug Type: Insecure Permissions and Command Injection
Risk Level:

Solution:
Update to version 1.5.

Content Management, Remote Command Execution

Application: WordPress
Affected Version: version 0.5.0.1 and other versions.
Vendor’s URL: WP Custom Pages
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

Application: Joomla!
Affected Version: versions prior to 1.3.
Vendor’s URL: Joomanager Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.

Content Management, SQL Injection