List of public advisories.

| Date | Application | Type | Identifiers | Notes |
|---|---|---|---|---|
| 2019-03-17 | WordPress plugin hrm | Missing server side authorization checks | CVE-2019-9573, CVE-2019-9574 | https://www.openwall.com/lists/oss-security/2019/03/17/1 |
| 2016-05-10 | WordPress plugin nelio-ab-testing | CWE-22: Path Traversal | OVE-20160509-0045 | http://www.openwall.com/lists/oss-security/2016/05/10/1 |
| 2016-03-01 | WordPress plugin GravityForms | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | CVE out-of-scope | http://seclists.org/bugtraq/2016/Mar/0 |
| 2016-02-25 | WordPress plugin wp-ultimate-exporter | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | CVE out-of-scope | http://seclists.org/bugtraq/2016/Feb/183 |
| 2015-05-29 | WordPress plugin wp-smiley | CWE-79: Cross-site scripting, CWE-352: Cross-Site Request Forgery | CVE-2015-4139, CVE-2015-4140 | https://www.openwall.com/lists/oss-security/2015/05/31/2 |
| 2014-12-16 | WordPress plugin db-backup | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | CVE-2014-9119 | http://www.openwall.com/lists/oss-security/2014/12/16/5 |
| 2014-08-19 | WordPress plugin wp-source-control | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | CVE-2014-5368 | |
| 2013-12-30 | WordPress plugin advanced-dewplayer | Directory traversal | CVE-2013-7240 | https://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal/ http://www.securityfocus.com/bid/64587/info |
| 2013-02-25 | WordPress plugin smart-flv | Reflected cross-site scripting | CVE-2013-1765 | http://www.openwall.com/lists/oss-security/2013/02/24/7 |
| 2012-01-17 | golismero | CWE-59: Improper Link Resolution Before File Access (‘Link Following’) | CVE-2012-0054 | http://www.openwall.com/lists/oss-security/2012/01/17/7 |
| 2010-06-13 | pyftpd | Default username and password | CVE-2010-2073 | BTS#585776 |
| 2010-06-13 | pyftpd | Insecure usage of temporary directory | CVE-2010-2072 | BTS#585773 |
| 2010-04-27 | wafp | Insecure temporary directory | CVE-2010-1438 | |