Example URIs have been provided: Cross-site scripting examples: http://www.example.com/wp-admin/edit-comments.php?s=[XSS] http://www.example.com/wp-admin/edit-comments.php?s=bla&submit=Search&mode=[XSS] http://www.example.com/wp-admin/templates.php?file=[XSS] http://www.example.com/wp-admin/link-add.php?linkurl=[XSS] http://www.example.com/wp-admin/link-add.php?name=[XSS] http://www.example.com/wp-admin/link-categories.php?cat_id=[XSS]&action=Edit http://www.example.com/wp-admin/link-manager.php?order_by=[XSS] http://www.example.com/wp-admin/link-manager.php?cat_id=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_url=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_name=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_description=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_rel=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_image=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_rss_uri=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_notes=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_id=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&order_by=[XSS] http://www.example.com/wp-admin/link-manager.php?action=linkedit&cat_id=[XSS] http://www.example.com/wp-admin/post.php?content=[XSS] http://www.example.com/wp-admin/moderation.php?action=update&item_approved=[XSS] SQL injection examples: http://www.example.com/index.php?m=[SQL] http://www.example.com/wp-admin/edit.php?m=[SQL] http://www.example.com/wp-admin/link-categories.php?cat_id=[SQL]&action=Edit The following proof of concept examples are available: Cross-site Scripting: /wp-login.php?action=login&redirect_to=[XSS] /wp-admin/templates.php?file=[XSS] /wp-admin/post.php?content=[XSS] SQL Injection: /index.php?m=bla /wp-admin/edit.php?m=bla</body> </html>