The Secrets of CS 1.6 Admin Hack V3.0 1: How to Get Admin Rights on Any Counter-Strike Server
The Logincontacts WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation in the /inc/functions.php script where a user with administrative privileges is able to inject arbitrary web scripts, in versions up to and including 1.4.1. This only affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
The Ultimate Settings WordPress plugin is vulnerable to Remote Code Execution due to an oversight in the options-page functionality found in the /plugins/UltimateSettings/functions.php script where an attacker with administrative privileges is able to upload arbitrary files, in versions up to and including 3.6. In contrast to the file_ext_filter filter which is supposed to prevent the uploading of PHP files by users without permissions, this filter isn't. By uploading a PHP file, an attacker is able to trick the users into opening it as an HTML file and thus make malicious actions possible.
The Haja & Halkları WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation in the /inc/admin/components/haja.php script where a user with administrative privileges is able to inject arbitrary web scripts, in versions up to and including 1.0.2. This only affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
The WPPerf plugin is vulnerable to Remote Code Execution via an internal email. In version 1.3, an attacker is able to specify the email address of a user with administrative privileges to include the following code, which would let an attacker execute arbitrary PHP code on the system via the mail() function.