Wordpress plugin WP Fast Cache 1.4 and below suffers from CSRF Stored/Reflected XSS
WP Fast Cache is vulnerable to CSRF attacks, which can also be combined with stored/reflected XSS attacks (authenticated administrators only).
Wordpress Video Gallery 2.8 Unprotected Mail Page.
Any guest user can send spam/phishing from unprotected php page.
Wordpress NEX-Forms Ultimate Form builder 3.0 suffers from SQL Injection Vulnerability
Wordpress Ajax Store Locator 1.2 and below suffers from Arbitrary SQL Injection Vulnerability
Wordpress Video Gallery 2.8 suffers from SQL Injection vulnerability.
Wordpress N-Media Website Contact Form with File Upload 1.3.4 suffers from Shell Upload Vulnerability
Wordpress Duplicator 0.5.14 SQL Injection Vulnerability
Wordpress All In One WP Security & Firewall 3.9.0 sufferse from SQL Injection Vulnerability
Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability
# Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerabilitiey
# Exploit Author : Claudio Viviani