CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5836 – WordPress Core < 4.5.3 - Denial of Service via oEmbed Protocol
https://notcve.org/view.php?id=CVE-2016-5836
18 Jun 2016 — The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. El protocolo de implementación de oEmbed en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.securityfocus.com/bid/91363 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4567 – WordPress Core < 4.5.2 - Cross-Site Scripting via MediaElement.js
https://notcve.org/view.php?id=CVE-2016-4567
06 May 2016 — Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." Vulnerabilidad de XSS en flash/FlashMediaElement.as en MediaElement.js en versiones anteriores a 2.21.0, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias... • http://www.openwall.com/lists/oss-security/2016/05/07/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2016-4566 – WordPress Core < 4.5.2 - Cross-Site Scripting via plupload.flash.swf
https://notcve.org/view.php?id=CVE-2016-4566
06 May 2016 — Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. Vulnerabilidad de XSS en plupload.flash.swf en Plupload en versiones anteriores a 2.1.9, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un ataque Same-Origin Method ... • http://www.openwall.com/lists/oss-security/2016/05/07/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6634 – WordPress Core < 4.5 - Cross-Site Scripting via Network Settings Page
https://notcve.org/view.php?id=CVE-2016-6634
12 Apr 2016 — Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de configuración de red en WordPress en versiones anteriores a 4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://codex.wordpress.org/Version_4.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6635 – WordPress Core < 4.5 - Cross-Site Request Forgery via wp_ajax_wp_compression_test
https://notcve.org/view.php?id=CVE-2016-6635
12 Mar 2016 — Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. Vulnerabilidad de CSRF en la función wp_ajax_wp_compression_test en wp-admin/includes/ajax-actions.php en WordPress en versiones anteriores a 4.5 permite a atacantes remotos secuestrar la autenticación de administradores para petic... • http://codex.wordpress.org/Version_4.5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2221 – WordPress Core < 4.4.2 - Open Redirect via wp_validate_redirect
https://notcve.org/view.php?id=CVE-2016-2221
02 Feb 2016 — Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. Vulnerabilidad de redirección abierta en la función wp_validate_redirect en wp-includes/pluggable.php en WordPress en versiones anteriores a 4.4.2 permite a atacantes remotos redirigir a los ... • http://www.debian.org/security/2016/dsa-3472 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1564 – WordPress Core < 4.4.1 - Cross-Site Scripting via Theme Names
https://notcve.org/view.php?id=CVE-2016-1564
14 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. Múltiples vulnerabilidades de XSS en wp-includes/class-wp-theme.php en WordPress en versiones anteriores a 4.4.1 permiten a atacantes remotos inyectar comandos de web o HTML arbitrarios a través de (1) nombre de hoja de estilo o (2) nombre de plantilla para wp-adm... • http://twitter.com/brutelogic/statuses/685105483397619713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7989 – WordPress Core < 4.3.1 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-7989
15 Sep 2015 — Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. Vulnerabilidad de XSS en la tabla de lista de usuarios en WordPress en versiones anteriores a 4.3.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una dirección de e-mail manipulada, una vulnerabilidad diferente d... • http://www.debian.org/security/2015/dsa-3375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5714 – WordPress Core < 4.3.1 - Cross-Site Scripting via Shortcodes
https://notcve.org/view.php?id=CVE-2015-5714
15 Sep 2015 — Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. Vulnerabilidad de XSS en WordPress en versiones anteriores a 4.3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios aprovechando el manejo incorrecto de elementos HTML no cerrados durante el procesamiento de etiquetas acortadas. Several vulnerabilities ha... • http://www.debian.org/security/2015/dsa-3375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5715 – WordPress Core < 4.3.1 - Authorization Bypass to Information Disclosure
https://notcve.org/view.php?id=CVE-2015-5715
15 Sep 2015 — The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. La función mw_editPost en wp-includes/class-wp-xmlrpc-server.php en el subsistema XMLRPC en WordPress en versiones anteriores a 4.3.1 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y disponer para u... • http://www.debian.org/security/2015/dsa-3375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •