Hello participants of Mailing List. First of all, Merry Christmas! Here is my greeting card for you: http://mlbpg.narod.ru/bp-flash/x-mas-2011.swf And here is interesting information for you. After conducting Month of Search Engines Bugs (http://websecurity.com.ua/category/moseb/) in June 2007 and Month of Bugs in Captchas (http://websecurity.com.ua/category/mobic/) in November 2007 and many other projects during 2007-2008, I conducted projects Day of bugs in WordPress in December 2007 and Day of bugs in WordPress 2 in July 2010. As I've announced earlier (http://seclists.org/fulldisclosure/2013/Nov/219), at 30.11.2013 I conducted a Day of bugs in WordPress 3. In this project I've disclosed many new vulnerabilities in WordPress. In the first "Day of bugs in WordPress" project I disclosed 81 vulnerabilities in WP, in the second I disclosed 8 interesting vulnerabilities in WP. And in the third I disclosed 10 new interesting vulnerabilities in WP. Here is a summary of results of the project "Day of bugs in WordPress 3" (http://websecurity.com.ua/6908/). There were disclosed Information Leakage, Backdoor, Cross-Site Request Forgery, Denial of Service, URL Redirector Abuse and Cross-Site Scripting vulnerabilities in WP. In December I translated description of all these vulnerabilities to English to the Full-Disclosure mailing list. All these projects lead to improving security of web applications and to increasing awareness of web developers. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua