The Ultimate WordPress Toolkit – WP Extended

Missing Authorization to Unauthenticated Post Order Manipulation vulnerability <= 3.0.13

Unauthenticated SQL Injection via Login Attempts Module vulnerability <= 3.0.12

Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability <= 3.0.11

Missing Authorization to Authenticated (Subscriber+) Stored CrossSite Scripting vulnerability <= 3.0.11

Reflected CrossSite Scripting vulnerability <= 3.0.9