Application: Joomla!
Affected Version: versions prior to 7.9.1.
Vendor’s URL: jNews Component Open Flash Chart
Bug Type: System Bypass
Risk Level: Critical
Solution:
Update to version 7.9.1.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 1.0
Vendor’s URL: vTiger CRM Lead Capture Plugin
Bug Type:
Risk Level: Critical
Solution:
Update to version 1.1.0.
Content Management
Application: DotNetNuke
Affected Version: versions prior to 6.2.5.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level:
Solution:
Update to version 6.2.5.
Access Bypass, Content Management, Cross Site Scripting
Application: Drupal
Affected Version: 6.x-1.x versions prior to 6.x-1.4 and 7.x-1.x versions prior to 7.x-1.4.
Vendor’s URL: User Read-Only Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to a fixed version.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 3.5.1 and prior versions.
Vendor’s URL: Advanced Custom Fields Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 3.5.2.
Content Management, File Inclusion
Application: Moodle
Affected Version: versions prior to 2.3.3, 2.2.6, and 2.1.9.
Vendor’s URL: Moodle
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical
Solution:
Update to version 2.3.3, 2.2.6, or 2.1.9.
Access Bypass, Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: version 0.2.9.24 and prior versions.
Vendor’s URL: WP-Filebase Plugin
Bug Type: -
Risk Level: Critical
Solution:
Update to version 0.2.9.25.
Content Management
Application: Eventy
Affected Version: version 1.8 and other versions.
Vendor’s URL: Eventy
Bug Type: Cross Site Scripting, SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, Cross Site Scripting, SQL Injection
Application: PrestaShop
Affected Version: version 1.5.1 and prior versions.
Vendor’s URL: PrestaShop
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.5.2.
Cross Site Scripting, E-Commerce
Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: Hitasoft FLV Player Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: AJAX Post Search Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.3.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.1 published prior to 2012-11-02 and prior versions.
Vendor’s URL: All Video Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1 published after 2012-11-01.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: Spider Catalog Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, Cross Site Scripting
Application: MyBB
Affected Version: version 1.5 and other versions.
Vendor’s URL: Follower User Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Discussion Boards, SQL Injection
Application: Joomla!
Affected Version: version 1.1 and other versions.
Vendor’s URL: Spider Catalog Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, SQL Injection
Application: Plone
Affected Version: Plone 2.x, 3.x, 4.x.
Vendor’s URL: Plone
Bug Type: Security Bypass, Cross Site Scripting, DoS, Brute Force, System Access
Risk Level: Critical
Solution:
Apply patches.
Access Bypass, Content Management, Cross Site Scripting, Denial Of Service