oss-sec mailing list archives

Multiple vulnerabilities affecting eleven WordPress Plugins (XSS, CSRF, LFI & object injection)


From: Summer of Pwnage <lists () securify nl>
Date: Mon, 15 Aug 2016 18:25:24 +0200

Please see attached advisories for more information. These issues were found during Summer of Pwnage (https://sumofpwn.nl), a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.



Attachments (advisory texts, no descriptions given in the archive):

- ajax_load_more_local_file_inclusion_vulnerability.txt
- cross_site_request_forgery_in_photo_gallery_wordpress_plugin_allows_adding_of_images.txt
- cross_site_request_forgery_in_photo_gallery_wordpress_plugin_allows_deleting_of_galleries.txt
- cross_site_request_forgery_in_photo_gallery_wordpress_plugin_allows_deleting_of_images.txt
- cross_site_request_forgery_vulnerability_in_add_from_server_wordpress_plugin.txt
- cross_site_request_forgery_vulnerability_in_email_users_wordpress_plugin.txt
- cross_site_scripting_cross_site_request_forgery_in_peter_s_login_redirect_wordpress_plugin.txt
- cross_site_scripting_in_link_library_wordpress_plugin.txt
- cross_site_scripting_in_store_locator_plus_for_wordpress.txt
- cross_site_scripting_vulnerability_in_google_maps_wordpress_plugin.txt
- ecwid_ecommerce_shopping_cart_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.txt
- persistent_cross_site_scripting_in_magic_fields_1_wordpress_plugin.txt
- persistent_cross_site_scripting_in_magic_fields_2_wordpress_plugin.txt
- stored_cross_site_scripting_vulnerability_in_photo_gallery_wordpress_plugin.txt