Application: WordPress
Affected Version: version 2.00 and other versions.
Vendor’s URL: GRAND FlAGallery Plugin
Bug Type: SQL Injection, System Access
Risk Level: Critical
Solution:
No official solution is currently available.
Access Bypass, Content Management, SQL Injection
Application: Tiki Wiki CMS/Groupware
Affected Version: versions prior to 6.8 and 9.2.
Vendor’s URL: Tiki Wiki CMS/Groupware
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 6.8 or 9.2.
Content Management, Remote Command Execution
Application: WordPress
Affected Version: version 33.5 and prior versions.
Vendor’s URL: Poll Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 33.6.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 2.05.01 and other versions.
Vendor’s URL: FireStorm Professional Real Estate Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.06.03.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 3.1 and prior versions.
Vendor’s URL: Commedia Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.2.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Cimy User Manager Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, Information Disclosure
Application: WordPress
Affected Version: version 2.1.5 and other versions.
Vendor’s URL: UnGallery Plugin
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 2.1.6 or later.
Access Bypass, Content Management
Application: Magento
Affected Version: versions 2.0.0 and prior.
Vendor’s URL: Unirgy uStoreLocator Extension
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.0.1 or later.
E-Commerce, SQL Injection
Application: Joomla!
Affected Version: version 1.9.1.1400 and other versions.
Vendor’s URL: Freestyle Support Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.9.2.1484.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 0.1.
Vendor’s URL: Download Shortcode Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 0.2.1.
Content Management, Information Disclosure
Application: PBBoard
Affected Version: version 3.0 and other versions.
Vendor’s URL: PBBoard
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Discussion Boards, SQL Injection
Application: WordPress
Affected Version: version 1.12.1 and prior versions.
Vendor’s URL: Crayon Syntax Highlighter Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.13.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 0.1.
Vendor’s URL: eShop Magic Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 0.2.
Content Management, Information Disclosure
Application: Drupal
Affected Version: 6.x-1.x versions prior to 6.x-1.2.
Vendor’s URL: Basic webmail Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 6.x-1.2.
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: version 1.0.2 and prior versions.
Vendor’s URL: AceFTP Component
Bug Type:
Risk Level: Critical
Solution:
Upgrade to version 2.0.0.
Content Management
Application: WordPress
Affected Version: versions prior to 1.4.0.
Vendor’s URL: Pinterest “Pin It” Button Lite Plugin
Bug Type: -
Risk Level: Critical
Solution:
Update to version 1.4.0.
Content Management
Application: WordPress
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: Spider Calendar Plugin
Bug Type: #1 Cross Site Scripting and #2 SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1.0, which fixes vulnerability #2. No official solution is currently available for vulnerability #1.
Content Management, Cross Site Scripting, SQL Injection
Application: Joomla!
Affected Version: versions prior to 1.1.0.
Vendor’s URL: MijoFTP Component
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 1.1.0.
Access Bypass, Content Management