CVE-2010-4875 – Vodpod Video Gallery <= 3.1.7 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4875
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
• https://www.exploit-db.com/exploits/34976
• http://osvdb.org/69084
• http://packetstormsecurity.org/1011-exploits/wpvodpod-xss.txt
• http://secunia.com/advisories/42195
• http://securityreason.com/securityalert/8431
• http://www.johnleitch.net/Vulnerabilities/WordPress.Vodpod.Video.Gallery.3.1.5.Reflected.Cross-site.Scripting/58
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63057
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3977 – CformsII <=11.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3977
Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in the cformsII (cforms 2) WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. The cforms WordPress plugin suffers from a cross-site scripting vulnerability. Version 11.5 is affected.
• https://www.exploit-db.com/exploits/34946
• http://secunia.com/advisories/42006
• http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977
• http://www.securityfocus.com/archive/1/514579/100/0/threaded
• http://www.securityfocus.com/bid/44587
• https://exchange.xforce.ibmcloud.com/vulnerabilities/62938
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-5297 – WordPress Core < 3.0.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
• http://codex.wordpress.org/Changelog/3.0.1
• http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed
• https://core.trac.wordpress.org/changeset/15342
• https://core.trac.wordpress.org/ticket/14119
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-862: Missing Authorization
CVE-2010-2924 – myLinksDump <= 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2924
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third-party information.
• https://www.exploit-db.com/exploits/14441
• http://osvdb.org/66566
• http://secunia.com/advisories/40692
• http://www.exploit-db.com/exploits/14441
• https://exchange.xforce.ibmcloud.com/vulnerabilities/60591
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1186 – WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-1186
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
• https://www.exploit-db.com/exploits/12098
• http://secunia.com/advisories/39341
• http://wordpress.org/extend/plugins/nextgen-gallery/changelog
• http://www.coresecurity.com/content/nextgen-gallery-xss-vulnerability
• http://www.exploit-db.com/exploits/12098
• http://www.securityfocus.com/bid/39250
• http://www.vupen.com/english/advisories/2010/0821
• https://exchange.xforce.ibmcloud.com/vulnerabilities/57562
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')