CVSS: 7.2EPSS: 0%CPEs: 78EXPL: 2CVE-2012-4263 – iThemes Security < 3.2.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4263
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en inc/admin/content.php en el plugin 'Better WP Security' (better_wp_security) para WordPress antes de v3.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la cabecera HTTP_USER_AGENT. Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (iThemes) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. • http://bit51.com/software/better-wp-security/changelog http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852 http://www.securityfocus.com/bid/53480 https://exchange.xforce.ibmcloud.com/vulnerabilities/75523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 78EXPL: 1CVE-2012-4264 – Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4264
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el plugin 'Better WP Security' (better_wp_security) para WordPress antes de v3.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados relacionados con "variables de servidor". Se trata una vulnerabilidad diferente a CVE-2012-4263. • http://bit51.com/software/better-wp-security/changelog http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •