NotCVE - vendor:"Automattic"

Page 11 of 58 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-9359 – Jetpack <= 3.4.2 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-9359

The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). El plugin Jetpack anterior a 3.4.3 para WordPress tiene una vulnerabilidad XSS a través de add_query_arg () y remove_query_arg (). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 3

CVE-2015-3429 – Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html

https://notcve.org/view.php?id=CVE-2015-3429

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. Vulnerabilidad de XSS en example.html en Genericons anterior a 3.3.1, utilizado en WordPress anterior a 4.2.2, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un identificador de fragmentos. WordPress Twenty Fifteen theme version 4.2.1 suffers from a cross site scripting vulnerability. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/May/41 http://www.debian.org/security/2015/dsa-3328 http://www.securityfocus.com/archive/1/535486/100/1000/threaded http://www.securityfocus.com/bid/74534 https://github.com/Automattic/Genericons/comm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-2008 – WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-2008

WordPress Super Cache Plugin 1.3 has XSS. WordPress Super Cache Plugin versión 1.3, presenta una vulnerabilidad de tipo XSS. The WordPress Super Cache Plugin 1.3 has XSS via several vulnerable parameters. • http://www.openwall.com/lists/oss-security/2013/04/24/10 http://www.openwall.com/lists/oss-security/2013/04/24/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/83798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2013-2011 – WP Super Cache < 1.3.2 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2013-2011

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. WordPress W3 Super Cache Plugin versiones anteriores a 1.3.2, contiene una vulnerabilidad de ejecución de código PHP que podría permitir a atacantes remotos inyectar código arbitrario. Este problema se presenta debido a una corrección incompleta para CVE-2013-2009. • http://www.openwall.com/lists/oss-security/2013/04/25/4 http://www.securityfocus.com/bid/59473 https://exchange.xforce.ibmcloud.com/vulnerabilities/83800 https://security-tracker.debian.org/tracker/CVE-2013-2011 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-116: Improper Encoding or Escaping of Output •

CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 3

CVE-2013-2009 – WP Super Cache <= 1.2 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2013-2009

WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution WordPress WP Super Cache Plugin versión 1.2, presenta una Ejecución de Código PHP Remota. The WP Super Cache plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.2. This allows unauthenticated attackers to execute code on the server. • https://www.exploit-db.com/exploits/38494 http://www.openwall.com/lists/oss-security/2013/04/24/10 http://www.openwall.com/lists/oss-security/2013/04/24/12 http://www.openwall.com/lists/oss-security/2013/04/24/8 http://www.securityfocus.com/bid/59470 https://exchange.xforce.ibmcloud.com/vulnerabilities/83799 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1...9 10 11 12