CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10706 – Jetpack <= 4.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10706
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. El plugin Jetpack en versiones anteriores a la 4.0.3 para WordPress tiene XSS mediante un enlace Vimeo manipulado. • https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update https://www.wordfence.com/blog/2016/05/jetpack-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10763 – CampTix Event Ticketing < 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. El complemento Campeting Event Ticketing antes de 1.5 para WordPress permite XSS en la sección de administración a través de un título o cuerpo del ticket. • https://hackerone.com/reports/152958 https://wordpress.org/plugins/camptix/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10762 – CampTix Event Ticketing <= 1.4.2 - CSV Injection
https://notcve.org/view.php?id=CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. El complemento CampTix Event Ticketing antes de 1.5 para WordPress permite la inyección de CSV cuando se utiliza la herramienta de exportación. The CampTix Event Ticketing plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2. This allows attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. • https://hackerone.com/reports/151516 https://wordpress.org/plugins/camptix/#developers • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10705 – Jetpack <= 4.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. El plugin Jetpack en versiones anteriores a la 4.0.4 para WordPress tiene XSS mediante el módulo Likes. • https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes https://wpvulndb.com/vulnerabilities/8517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9357 – Akismet <= 3.1.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9357
The akismet plugin before 3.1.5 for WordPress has XSS. El plugin akismet antes de 3.1.5 para WordPress tiene XSS. • https://wordpress.org/plugins/akismet/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •