CVE-2010-4277 – Embedded Video <= 4.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4277
Cross-site scripting (XSS) vulnerability in embedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php. The Embedded Video WordPress plugin suffers from a cross-site scripting vulnerability.
• http://www.securityfocus.com/archive/1/515345/100/0/threaded http://www.securityfocus.com/bid/45486 https://exchange.xforce.ibmcloud.com/vulnerabilities/64214
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4747 – WordPress Processing Embed <= 0.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4747
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter. Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
• https://www.exploit-db.com/exploits/35066 http://secunia.com/advisories/42545 http://www.johnleitch.net/Vulnerabilities/WordPress.Processing.Embed.0.5.Reflected.Cross-site.Scripting/65 http://www.osvdb.org/69764 http://www.securityfocus.com/bid/45266 https://exchange.xforce.ibmcloud.com/vulnerabilities/63761
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4518 – WP Safe Search <= 0.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4518
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
• https://www.exploit-db.com/exploits/35067 http://osvdb.org/69762 http://secunia.com/advisories/42544 http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66 http://www.securityfocus.com/bid/45267
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-5106 – WordPress Core < 3.0.3 - Access Control Bypass
https://notcve.org/view.php?id=CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
• http://codex.wordpress.org/Version_3.0.3 http://core.trac.wordpress.org/changeset/16803 http://openwall.com/lists/oss-security/2012/09/14/10
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-284: Improper Access Control
CVE-2010-4825 – Peadig's Twitter Feed: Embedded Timeline WordPress Plugin <= 2.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4825
Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 2.2 and below for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
• http://secunia.com/advisories/42542 http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68 http://www.osvdb.org/69760 http://www.securityfocus.com/bid/45294 https://exchange.xforce.ibmcloud.com/vulnerabilities/63942
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')