Page 102 of 701 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-0759 – WP-reCAPTCHA <= 2.9.8.2 - Multiple Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2011-0759

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados en la página de configuración en el complemento Recaptcha (también conocido como WP-reCAPTCHA) v2.9.8.2 para WordPress, permite a atacantes remotos secuestrar la autenticación de los administradores para solicitar que se se active el CAPTCHA o insertar secuencias de comandos en sitios cruzados mediante los parámetros (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title. • http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html http://secunia.com/advisories/43771 http://www.securityfocus.com/bid/46909 https://exchange.xforce.ibmcloud.com/vulnerabilities/66167 https://exchange.xforce.ibmcloud.com/vulnerabilities/66169 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-0760 – WP Related Posts <= 1.0 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2011-0760

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la pantalla de configuración en wp-relatedposts.php del plugin WP Related Posts v1.0 de WordPress, permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que insertan secuencias de comandos en sitios cruzados(XSS) en los parámetros(1) wp_relatedposts_title, (2)wp_relatedposts_num, o (3)wp_relatedposts_type. • http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0205.html http://secunia.com/advisories/43777 http://www.securityfocus.com/bid/46908 https://exchange.xforce.ibmcloud.com/vulnerabilities/66166 https://exchange.xforce.ibmcloud.com/vulnerabilities/66168 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2011-5208 – BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal

https://notcve.org/view.php?id=CVE-2011-5208

Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php. Múltiples vulnerabilidades de salto de directorio en el plugin BackWPup anterior a v1.4.1 para WordPress permite a atacantes remotos leer ficheros arbitrarios mediante un .. (punto punto) en el parámetro wpabs para (1) app/options-view_log-iframe.php o (2) app/options-runnow-iframe.php. • http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0663.html http://secunia.com/advisories/43565 http://wordpress.org/extend/plugins/backwpup/changelog http://www.osvdb.org/71242 http://www.osvdb.org/71243 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3

CVE-2011-1047 – WP Forum Server <= 1.6.5 - SQL Injection

https://notcve.org/view.php?id=CVE-2011-1047

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. Múltiples vulnerabilidades de inyección SQL en el plugin Forum Server (también se conoce como ForumPress) versiones 1.6.1 y 1.6.5 de VastHTML para WordPress, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del (1) parámetro search_max en una acción search en el archivo index.php, que no es manejado apropiadamente por el archivo wpf.class.php, (2) parámetro id en una acción editpost en archivo index.php, que no es manejado apropiadamente por archivo wpf-post.php, o (3) topic a feed.php. • https://www.exploit-db.com/exploits/16235 http://osvdb.org/70993 http://osvdb.org/70994 http://secunia.com/advisories/43306 http://securityreason.com/securityalert/8099 http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html http://www.securityfocus.com/archive/1/516400/100/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-0701 – WordPress Core < 3.0.5 - Improper Authorization to Information Disclosure

https://notcve.org/view.php?id=CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter. wp-admin/async-upload.php en media uploader en WordPress anterior a v3.0.5 permite a usuarios remotos autenticados leer (1) posts borradores o (2) posts privados a través del parámetro modificado attachment_id. • http://codex.wordpress.org/Version_3.0.5 http://core.trac.wordpress.org/changeset/17393 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.html http://openwall.com/lists/oss-security/2011/02/08/7 http://openwall.com/lists/oss-security/2011/02/09/13 http://secunia.com/advisories/43729 http://www • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •