The Ultimate WordPress Toolkit – WP Extended

Cross Site Scripting (XSS) vulnerability <= 3.0.14

Missing Authorization to Unauthenticated Post Order Manipulation vulnerability <= 3.0.13

Unauthenticated SQL Injection via Login Attempts Module vulnerability <= 3.0.12

Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability <= 3.0.11

Missing Authorization to Authenticated (Subscriber+) Stored CrossSite Scripting vulnerability <= 3.0.11