CVE-2010-4403 – Register Plus <= 3.5.11 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2010-4403
The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
The Register Plus plugin 3.5.11 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.
• http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt http://websecurity.com.ua/4539 http://www.securityfocus.com/archive/1/514903/100/0/threaded
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4402 – Register Plus <= 3.5.11 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4402
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.11 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
• http://osvdb.org/69491 http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt http://secunia.com/advisories/42360 http://websecurity.com.ua/4539 http://www.securityfocus.com/archive/1/514903/100/0/threaded http://www.securityfocus.com/bid/45057
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4839 – Event Registration < 6.00.03 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4839
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
• https://www.exploit-db.com/exploits/17814 https://www.exploit-db.com/exploits/15513 http://secunia.com/advisories/42265 http://www.exploit-db.com/exploits/15513
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4630 – WP Survey And Quiz Tool < 1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4630
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
• http://osvdb.org/69074 http://packetstormsecurity.org/1011-exploits/wpsurvey-xss.txt http://secunia.com/advisories/42196 http://www.johnleitch.net/Vulnerabilities/WordPress.Survery.And.Quiz.Tool.1.2.1.Reflected.Cross-site.Scripting/57 https://exchange.xforce.ibmcloud.com/vulnerabilities/63056
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4637 – FeedList <= 2.61.03 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4637
Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
• http://osvdb.org/69071 http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt http://secunia.com/advisories/42197 http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56 https://exchange.xforce.ibmcloud.com/vulnerabilities/63055
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')