Application: WordPress
Affected Version: versions prior to 3.4.
Vendor’s URL: Image News slider Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 3.4.

Content Management

Application: WordPress
Affected Version: version 3.2.3 and other versions.
Vendor’s URL: Count Per Day Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: Joomla!
Affected Version: version 1.0.2769 free edition and other versions.
Vendor’s URL: Komento Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.2771.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 2.4.7 and prior versions.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.4.8.

Content Management, SQL Injection

Application: WordPress
Affected Version: versions prior to 2.5.5.
Vendor’s URL: RSVPMaker RVSP Report
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.5.5.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: version 2.1 and other versions.
Vendor’s URL: Mz-jajak Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: SimpleMail Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: version 1.4.4 and other versions.
Vendor’s URL: Postie Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
The vendor has released a fix, however, the fix is ineffective. No official solution is currently available.

Content Management, Cross Site Scripting

Application: Joomla!
Affected Version: versions prior to 3.1.3.
Vendor’s URL: En Masse Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.1.3.

Content Management, File Inclusion

Application: Joomla!
Affected Version: version 3.0.3 and other versions.
Vendor’s URL: En Masse Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.0.
Vendor’s URL: Vitamin Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, Information Disclosure

Application: WordPress
Affected Version: version 3.0.0 and other versions.
Vendor’s URL: WP Lead Management Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: versions prior to 1.5.
Vendor’s URL: Featured Post with thumbnail Plugin
Bug Type: Unspecified
Risk Level: Critical

Solution:
Update to version 1.5.

Content Management

Application: Joomla!
Affected Version: version 1.2.0.4 and other versions.
Vendor’s URL: Joomgalaxy Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Application: Drupal
Affected Version: all 6.x versions.
Vendor’s URL: Monthly Archive by Node Type Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

Application: Joomla!
Affected Version: SQL Injection
Vendor’s URL: Movm Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.46 and prior versions.
Vendor’s URL: Cloudsafe365 Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.47.

Content Management, Cross Site Scripting