Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    I checked, and AdServe has been fixed and updated to 0.3:
    http://downloads.wordpress.org/plugin/adserve.zip

    Haven’t found the others yet.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    wp-cal has not been fixed, but can be easily enough…

    In the wp-cal/functions/edit-event.php file, find this:
    $id = $_GET['id'];

    And change it to this:
    $id = (int) $_GET['id'];

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    fGallery has not been fixed either, however can be as well…

    In fgallery/fim-rss.php, change this:

    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $_GET[album]");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $_GET[album] AND status = 'include'");

    To this:

    $album = (int) $_GET['album'];
    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $album");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $album AND status = 'include'");

    However, after looking around at this code a bit, I would suggest not using the fGallery plugin at all. It uses lots and lots of insecure programming methods, and while I don’t see any immediately obvious problems, I have no doubt that they are there. The plugin does no input checking whatsoever.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    The WassUp plugin has upgraded to version 1.4.3a and claims to have fixed the hole… However, their “fix” seems unusual to me, and I’m not sure why they didn’t simply escape the input string correctly (using $wpdb->escape). Nevertheless, they claim to have fixed it.

    http://wordpress.org/extend/plugins/wassup/
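    The two fixes Otto describes above (casting a numeric id with `(int)` before it reaches SQL, and escaping a string input instead of interpolating it raw) side by side, as an added example that is not code from this thread or from the wp-cal, fGallery or WassUp plugins. The `$get` array and the table names are constructed for the demo, and `TinyDb` is a deliberately simplified stand-in for WordPress's `$wpdb`: its `prepare()` only understands `%d` and `%s` and escapes with `addslashes()`, whereas the real `$wpdb->prepare()` (and the `$wpdb->escape` the thread mentions) uses the database driver's own escaping.

```php
<?php
// Added example, not code from the thread or from the plugins it discusses.
// $get is a constructed request; TinyDb is a stand-in for WordPress's $wpdb.

final class TinyDb
{
    /**
     * Simplified stand-in for $wpdb->prepare(): %d becomes an integer,
     * %s becomes a quoted, backslash-escaped string. Real wpdb relies on
     * the MySQL driver's escaping; addslashes() is used only for this demo.
     */
    public function prepare(string $query, ...$args): string
    {
        $i = 0;
        return preg_replace_callback('/%[ds]/', function ($m) use ($args, &$i) {
            $value = $args[$i++] ?? '';
            return $m[0] === '%d'
                ? (string) (int) $value
                : "'" . addslashes((string) $value) . "'";
        }, $query);
    }
}

// Vulnerable form (the shape of fgallery/fim-rss.php before the fix):
// the raw request value is pasted straight into the SQL text.
function album_query_vulnerable(array $get, string $table): string
{
    return "SELECT * FROM $table WHERE id = {$get['album']}";
}

// Hardened form: an id is a number, so coerce it before it touches SQL.
// A leading-numeric string such as "3 OR 1=1" casts to 3; anything else to 0.
function album_query_safe(array $get, string $table): string
{
    $album = (int) ($get['album'] ?? 0);
    return "SELECT * FROM $table WHERE id = $album";
}

// String parameters cannot be int-cast; hand them to a placeholder-based
// query builder so the quoting/escaping is done for you.
function visitor_query_safe(TinyDb $db, array $get, string $table): string
{
    return $db->prepare("SELECT * FROM $table WHERE agent = %s", $get['agent'] ?? '');
}

// Constructed request: a non-numeric value where an id is expected, and a
// string containing a single quote where a user agent is expected.
$get = ['album' => '3 OR 1=1', 'agent' => "Mozilla/5.0 (X11; Linux) O'Reilly"];
$db  = new TinyDb();

echo album_query_vulnerable($get, 'wp_fgallery_cats'), "\n";
// SELECT * FROM wp_fgallery_cats WHERE id = 3 OR 1=1   <- condition is always true

echo album_query_safe($get, 'wp_fgallery_cats'), "\n";
// SELECT * FROM wp_fgallery_cats WHERE id = 3          <- trailing text dropped by the cast

echo visitor_query_safe($db, $get, 'wp_wassup'), "\n";
// SELECT * FROM wp_wassup WHERE agent = 'Mozilla/5.0 (X11; Linux) O\'Reilly'
```

    The `(int)` cast is the right tool only when the parameter is genuinely numeric; for free-form strings like the visitor data WassUp stores, escaping (or, in any WordPress since 2.3, `$wpdb->prepare()` with `%s`) is what closes the hole, which is the point Otto makes about the WassUp "fix".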

    Thread Starter whooami

    (@whooami)

    Sniplets is located here:

    http://urbangiraffe.com/plugins/sniplets/

    Time to upgrade if you are using that. Version 1.2 has a vulnerability — an RFI vulnerability, and those are ugly.

  • The topic ‘Check your plugins!’ is closed to new replies.