Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical
Solution:
Update to version 2.5.19 or 3.2.3.
Access Bypass, Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: version 7.0.2 and prior versions.
Vendor’s URL: Search Everything Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 7.0.3 or later.
Content Management, SQL Injection
Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-2.0.
Vendor’s URL: Slickgrid Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 7.x-2.0.
Access Bypass, Content Management
Application: WordPress
Affected Version: AdRotate Free version 3.9.4; also reported in AdRotate Pro versions prior to 3.9.6.
Vendor’s URL: AdRotate Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to a fixed version.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.9.1 and prior versions.
Vendor’s URL: BuddyPress Plugin
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical
Solution:
Update to version 1.9.2.
Access Bypass, Content Management, Cross Site Scripting
Application: WordPress
Affected Version:
Vendor’s URL: Kiddo Theme
Bug Type: File Upload
Risk Level: Critical
Solution:
No official solution is currently available.
Content Management, File Inclusion
Application: Zabbix
Affected Version: versions prior to 2.0.11 and 2.2.2.
Vendor’s URL: Zabbix
Bug Type: User Spoofing and Security Bypass
Risk Level: Critical
Solution:
Update to version 2.0.11 or 2.2.2.
Access Bypass
Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-3.7.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 7.x-3.7.
Access Bypass, Content Management
Application: Joomla!
Affected Version: versions prior to 3.0.3.
Vendor’s URL: PROJOOM Smart Flash Header Component
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 3.0.3.
Content Management, File Inclusion
Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical
Solution:
No official solution is currently available.
Cross Site Scripting, Discussion Boards
Application: ImpressCMS
Affected Version: versions 1.3.5, 1.3.6, and 1.3.6.1 and other versions.
Vendor’s URL: ImpressCMS
Bug Type: File Deletion
Risk Level: Critical
Solution:
The vendor has released a fix in version 1.3.6; however, the fix is only partially effective. No official solution is currently available.
Access Bypass, Content Management
Application: Joomla!
Affected Version: version 2.4.0 and prior versions.
Vendor’s URL: Music Collection Component
Bug Type:
Risk Level: Critical
Solution:
Update to version 2.4.1.
Content Management
Application: Joomla!
Affected Version: version 3.0.2 and prior versions
Vendor’s URL: JV Comment Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.0.3.
Content Management, SQL Injection