Application: WordPress
Affected Version: version 3.8.6 and other versions.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.8.6.1.
Content Management, E-Commerce, SQL Injection

Application: WordPress
Affected Version: version 1.8.8 and other versions.
Vendor’s URL: Auctions Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.8 and other versions.
Vendor’s URL: WP Easy Stats Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 0.1 and other versions.
Vendor’s URL: Filedownload Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, Information Disclosure

Application: Ayco Resim Galeri
Affected Version:
Vendor’s URL: Ayco Resim Galeri
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Image Galleries, SQL Injection

Application: WordPress
Affected Version: version 2.17 and prior versions.
Vendor’s URL: Count Per Day Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Upgrade to version 3.0.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 2.2.0 and prior versions.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 2.2.1.
Content Management, File Inclusion

Application: ImpressPages CMS
Affected Version: version 1.0.12 and prior versions.
Vendor’s URL: ImpressPages CMS
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 1.0.13.
Content Management, Remote Command Execution

Application: WordPress
Affected Version: version 1.0.3 and prior versions.
Vendor’s URL: Adsense Extreme Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.0.4.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 1.2.0.0 and other versions.
Vendor’s URL: Annonces Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion

Application: OpenCart
Affected Version: version 1.5.1.1 and prior versions.
Vendor’s URL: OpenCart
Bug Type: File Overwrite
Risk Level: Critical
Solution:
Update to version 1.5.1.2.
E-Commerce, File Inclusion

Application: WordPress
Affected Version: versions prior to 110812.
Vendor’s URL: s2Member Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 110812 or later.
Content Management, Information Disclosure

Application: WordPress
Affected Version: version 1.36 and other versions.
Vendor’s URL: Mini Mail Dashboard Widget Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.37.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 1.7 and other versions.
Vendor’s URL: WP Forum Server Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 0.61 and prior versions.
Vendor’s URL: Easy Comment Uploads Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 0.70 or later.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 0.2.9 and prior versions.
Vendor’s URL: WP-Filebase Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 0.2.9.1.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.5.6 and prior versions.
Vendor’s URL: 1 Flash Gallery Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 1.5.8.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: Community Events Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting, SQL Injection

Application: WordPress
Affected Version: version 0.55 and prior versions.
Vendor’s URL: wpcu3er Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 0.56 or later.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 2.0 and other versions.
Vendor’s URL: KNR Author List Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection