20170317 Vulnerable Plugins/Themes Report

	A	B	C	D	E	F	G	H	I	J
1	Name	Version(s) Affected	Fixed in Version	Plugin Directory	Vulnerability	Link/Plugin Status	Suggested Action	Plugin/Theme	Other Notes	Historical Link

2	Really Simple Gallery	1.4 and earlier	unfixed	really-simple-gallery	Cross-Site Request Forgery and Arbitrary File Upload	Plugin removed from repository	Remove Immediately	Plugin		https://wordpress.org/plugins-wp/really-simple-gallery/
3	WP Markdown Editor	2.3.0	unfixed	wp-markdown-editor	Authenticated Stored Cross-Site Scripting	Plugin removed from repository	Remove	Plugin		https://wordpress.org/plugins-wp/wp-markdown-editor/
4	Membership Simplified	1.58	unfixed	membership-simplified-for-oap-members-only	Unauthenticated Arbitrary File Download	Plugin removed from repository	Remove	Plugin		https://wordpress.org/plugins-wp/membership-simplified-for-oap-members-only/
5	Profile Builder	5.2.7 and earlier	2.5.8	profile-builder	Authenticated Stored Cross-Site Scripting	https://wordpress.org/plugins/profile-builder/	Update	Plugin
6	CMS Page Order	0.3.3 and earlier	unfixed	cms-page-order	SQL Injection	https://wordpress.org/plugins/cms-page-order/	Remove	Plugin
7	PICA Photo Gallery	1.0 and earlier	unfixed	pica-photo-gallery	SQL Injection	https://www.apptha.com/category/extension/Wordpress/PICA-Photo-Gallery	Remove	Plugin
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100