Theme exploits: Black label, EvoLve and Pixiv custom themes.

Name: EvoLve theme
Version: 1.2.6
Credit: Sitewatch
URL: http://wordpress.org/extend/themes/evolve

Input passed via the “s” parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

Name: Pixiv Custom theme
Version: 2.1.5
Credit: Sitewatch
URL: http://wordpress.org/extend/themes/pixiv-custom

Input passed via the “s” parameter to index.php is not properly sanitised in wp-content/themes/pixiv-custom/archive.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
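
A line-based audit for the pattern the EvoLve and Pixiv Custom entries describe: the search term from the “s” parameter written into a template without output escaping. This is an added example, not code from either theme or from the advisory; the template lines in SAMPLE_THEME are constructed, and all function and variable names are assumptions for illustration.

```python
import re

# Ways the raw search term appears in a WordPress template.
RAW = r"""(?:\$_(?:GET|REQUEST)\[\s*['"]s['"]\s*\]|\$s\b)"""
RAW_SEARCH = re.compile(RAW)
# Output constructs: echo/print statements and the <?= short tag.
OUTPUT = re.compile(r"\b(?:echo|print)\b|<\?=")
# The raw value wrapped directly in an HTML-escaping helper.
ESCAPED = re.compile(
    r"\b(?:esc_html|esc_attr|htmlspecialchars|htmlentities)\s*\(\s*" + RAW
)

# Constructed template lines (not taken from the themes named on this page).
SAMPLE_THEME = {
    "search.php": [
        '<h2>Search results for: <?php echo $_GET["s"]; ?></h2>',
        '<h2>Search results for: <?php echo esc_html( $_GET["s"] ); ?></h2>',
        '<h2>Search results for: <?php echo get_search_query(); ?></h2>',
    ],
    "archive.php": [
        '<input type="text" name="s" value="<?= $s ?>" />',
        '<input type="text" name="s" value="<?php echo esc_attr( $s ); ?>" />',
        '<?php $s = isset( $_GET["s"] ) ? $_GET["s"] : ""; ?>',
    ],
}


def find_unescaped_search_output(templates):
    """Return (file, line_number, source_line) for each unescaped output.

    Heuristic: a line is flagged when it produces output and still contains
    the raw search term after escaped uses have been removed. It works one
    line at a time, so it does not follow values through other variables.
    """
    findings = []
    for name, lines in sorted(templates.items()):
        for number, line in enumerate(lines, start=1):
            if not OUTPUT.search(line):
                continue  # assignment or other non-output statement
            remainder = ESCAPED.sub("", line)
            if RAW_SEARCH.search(remainder):
                findings.append((name, number, line.strip()))
    return findings


if __name__ == "__main__":
    for name, number, line in find_unescaped_search_output(SAMPLE_THEME):
        print(f"{name}:{number}: unescaped search term: {line}")
```

The lines that pass show the fix: escape on output with esc_html() or esc_attr(), or use get_search_query(), which returns the term already escaped by default.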

Name: Black label premium
Version: 1.2.0
Credit: Wpsecure
URL: http://themeforest.net

The theme is bundled with an exploitable Timthumb.php, which allows remote file inclusion.