WordPress Symposium Plugin <= 11.12.07 - XSS

Because of this vulnerability in uploadify/get_profile_avatar.php, the attackers can inject arbitrary web script or HTML via the “uid” parameter.

Solution

           Update the plugin.