Application: WordPress
Affected Version: version 2.0.7 and other versions.
Vendor’s URL: WP-RecentComments Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Drupal
Affected Version: versions prior to 6.23 and versions prior to 7.11.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to the latest version.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 1.1.4 and prior versions.
Vendor’s URL: Magn Drag and Drop Upload Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 1.2.0.
Content Management, File Inclusion
Application: Joomla!
Affected Version: version 2.7.13a and other versions.
Vendor’s URL: DT Register Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Filter malicious characters and character sequences using a proxy.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 3.2 and other versions.
Vendor’s URL: SB Uploader Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 2.0.5 and other versions.
Vendor’s URL: Absolute Privacy Plugin
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Access Bypass, Content Management
Application: Drupal
Affected Version: versions prior to 7.x-1.2.
Vendor’s URL: Faster Permissions Module
Bug Type: Security Bypass
Risk Level:
Solution:
Update to version 7.x-1.2.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 0.14 and prior versions.
Vendor’s URL: Relocate Upload Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 0.20.
Content Management, File Inclusion
Application: Drupal
Affected Version: versions 7.x-1.6 and prior.
Vendor’s URL: Finder Module
Bug Type: Cross Site Scripting and system bypass
Risk Level: Critical
Solution:
The script insertion vulnerabilities are fixed in version 7.x-2.0-alpha8. Edit the source code to ensure that input is properly sanitised.
Access Bypass, Content Management, Cross Site Scripting
Application: ImpressCMS
Affected Version: version 1.3 Final and prior versions.
Vendor’s URL: ImpressCMS
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.2.7 Final or 1.3.1 Final.
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: version 1.3.5 and other versions.
Vendor’s URL: Simple File Upload Module
Bug Type: File Upload
Risk Level: Critical
Solution:
Restrict access to the upload folder (e.g. via .htaccess).
Content Management, File Inclusion
Application: Joomla!
Affected Version: version 1.9.3 and other versions.
Vendor’s URL: JE Story Submit Component
Bug Type: File Upload
Risk Level: Critical
Solution:
Restrict access to the upload folder (e.g. via .htaccess).
Content Management, File Inclusion
Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Kish Guest Posting Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Restrict access to wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php (e.g. via .htaccess).
Content Management, File Inclusion
Application: WordPress
Affected Version: version 0.7 and other versions.
Vendor’s URL: Theme Tuner Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 0.8.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 1.1.8 and prior versions.
Vendor’s URL: AllWebMenus Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 1.1.9.
Content Management, File Inclusion
Application: WordPress
Affected Version: versions prior to 3.8.7.6.
Vendor’s URL: WP e-Commerce
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.8.7.6.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.0.09 and other versions.
Vendor’s URL: uCan Post Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: WordPress
Affected Version: versions prior to 1.9.1.
Vendor’s URL: NextGEN Gallery Plugin
Bug Type: Input Sanitisation
Risk Level: Critical
Solution:
Update to version 1.9.1.
Content Management
Application: WordPress
Affected Version: version 1.0.8.1 and other versions.
Vendor’s URL: myEASYbackup Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 1.0.9.
Content Management, Information Disclosure
Application: phpMyDirectory
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: phpMyDirectory
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Filter malicious characters and character sequences using a proxy.
General Purpose Directories, SQL Injection