CVE-2008-6811 – Instinct WP e-Commerce <= 3.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-6811
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
References: https://www.exploit-db.com/exploits/6867 • http://www.securityfocus.com/bid/31982 • https://exchange.xforce.ibmcloud.com/vulnerabilities/46224
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2008-4625 – ShiftThis Newsletter <= 2.3.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-4625
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
References: https://www.exploit-db.com/exploits/6777 • http://secunia.com/advisories/32336 • http://securityreason.com/securityalert/4446 • http://www.securityfocus.com/bid/31806 • https://exchange.xforce.ibmcloud.com/vulnerabilities/45981
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4733 – WP Comment Remix <= 1.4.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-4733
Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.
References: http://chxsecurity.org/advisories/adv-3-full.txt • http://secunia.com/advisories/32253 • http://securityreason.com/securityalert/4492 • http://www.securityfocus.com/archive/1/497313/100/0/threaded • http://www.securityfocus.com/bid/31750 • https://exchange.xforce.ibmcloud.com/vulnerabilities/45861
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4732 – WP Comment Remix < 1.4.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-4732
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.
References: https://www.exploit-db.com/exploits/6747 • http://chxsecurity.org/advisories/adv-3-full.txt • http://secunia.com/advisories/32253 • http://securityreason.com/securityalert/4492 • http://www.securityfocus.com/archive/1/497313/100/0/threaded • http://www.securityfocus.com/bid/31750 • https://exchange.xforce.ibmcloud.com/vulnerabilities/45860
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4734 – WP Comment Remix < 1.4.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2008-4734
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter.
References: http://chxsecurity.org/advisories/adv-3-full.txt • http://secunia.com/advisories/32253 • http://securityreason.com/securityalert/4492 • http://www.securityfocus.com/archive/1/497313/100/0/threaded • https://exchange.xforce.ibmcloud.com/vulnerabilities/45862
CWE-352: Cross-Site Request Forgery (CSRF)