InetTester сказал(а):

[!] Title: WordPress prepare() potential SQL Injection
Reference: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
Reference: WordPress 4.8.2 Security and Maintenance Release
Reference: Database: Hardening for `wpdb:repare()` · WordPress/WordPress@70b2127
Reference: Database: Hardening to bring `wpdb:repare()` inline with documentat… · WordPress/WordPress@fc930d3
Fixed in: 4.2.16

InetTester сказал(а):

[!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Reference: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Reference: Wordpress SQLi
Reference: WordPress 4.8.2 Security and Maintenance Release
Reference: Database: Hardening for `wpdb:repare()` · WordPress/WordPress@70b2127
Reference: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
Fixed in: 4.7.5

InetTester сказал(а):

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
Reference: WordPress 3.5-4.7.1 - WP_Query SQL Injection
Reference: WordPress 4.7.2 Security Release
Reference: Query: Ensure that queries work correctly with post type names with s… · WordPress/WordPress@8538429
Reference: CVE - CVE-2017-5611
Fixed in: 4.2.12

[!] Title: All in One SEO Pack <= 2.3.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: All in One SEO Pack <= 2.3.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: Full Disclosure: Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
Reference: All in One SEO Pack Changelog | WordPress Developer
Reference: Summer of Pwnage! July 1-29, Amsterdam.
Reference: All in One SEO 2.3.7 Patches Persistent XSS Vulnerability
Reference: Serious Vulnerability in All in One SEO Pack Plugin 2.3.6.1 and earlier
Fixed in: 2.3.7