CVE-2008-0837 – Search Unleashed <= 0.2.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0837
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
• References:
  http://secunia.com/advisories/28968
  http://securityreason.com/securityalert/3674
  http://urbangiraffe.com/tracker/issues/show/60
  http://www.securityfocus.com/archive/1/488109/100/0/threaded
  http://www.securityfocus.com/bid/27791
  https://exchange.xforce.ibmcloud.com/vulnerabilities/40513
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1304 – WordPress Core <= 2.3.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
• References:
  https://www.exploit-db.com/exploits/31356
  https://www.exploit-db.com/exploits/31357
  http://securityreason.com/securityalert/3732
  http://securitytracker.com/id?1019564
  http://www.hackerscenter.com/index.php?/Latest-posts/114-WordPress-Multiple-Cross-Site-Scripting-Vulnerabilities.html?id=114
  http://www.securityfocus.com/archive/1/489241/100/0/threaded
  http://www.securityfocus.com/bid/28139
  https://exchange.xforce.ibmcloud.com/vulnerabilities/41055
  https://exchange.xforce.ibmcloud.com/vulnerabilities
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0683 – ShiftThis (Unspecified Version) - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
• References:
  https://www.exploit-db.com/exploits/5053
  http://www.securityfocus.com/bid/27586
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0682 – WordSpew <= 3.71 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0682
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
• References:
  https://www.exploit-db.com/exploits/5039
  http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox
  http://secunia.com/advisories/28767
  http://www.securityfocus.com/bid/27583
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0691 – WP-Footnotes <= 2.2 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0691
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.
• References:
  https://www.exploit-db.com/exploits/31092
  http://secunia.com/advisories/28772
  http://securityreason.com/securityalert/3634
  http://www.securityfocus.com/archive/1/487430/100/0/threaded
  http://www.securityfocus.com/bid/27572
  https://exchange.xforce.ibmcloud.com/vulnerabilities/40218
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')