Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: ReFlex Gallery Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 12.09 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 12.12.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 0.9.3 and prior versions.
Vendor’s URL: Simple Login Log Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Update to version 0.9.4.
Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Zingiri Forum Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 1.4.4.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 3.8.6 and prior versions.
Vendor’s URL: Store Locator Plus Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.8.7.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 2.10 and prior versions.
Vendor’s URL: Browser Rejector Plugin
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 2.11.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 2.8.4 and prior versions.
Vendor’s URL: WP SlimStat Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 2.8.5.
Content Management, Cross Site Scripting
Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: Profile Wii Friend Code Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Cross Site Scripting, Discussion Boards, SQL Injection
Application: WordPress
Affected Version:
* Lightspeed version 1.1.2
* Eptonic version 1.4.3
* Nuance version 1.2.3
Vendor’s URL: WPScientist Multiple Themes
Bug Type: File Upload
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 2.4.6 and other versions.
Vendor’s URL: Google Doc Embedder Plugin
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Update to version 2.5.4.
Content Management, File Inclusion
Application: CubeCart
Affected Version: version 5.1.5 and other versions.
Vendor’s URL: CubeCart
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
No official solution is currently available.
Cross Site Scripting, E-Commerce
Application: WordPress
Affected Version: version 0.32 and other versions.
Vendor’s URL: Xerte Online Plugin
Bug Type: File Upload
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 8.1.14 and other versions.
Vendor’s URL: Shopping Cart Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 8.1.15.
Content Management, SQL Injection
Application: MyBB
Affected Version: version 1.1 and other versions.
Vendor’s URL: Country Flags Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
No official solution is currently available.
Discussion Boards, SQL Injection