CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2008-0222 – Wp-FileManager <= 1.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-0222
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Vulnerabilidad de subida de ficheros no restringida en ajaxfilemanager.php de la extensión (plugin) Wp-FileManager 1.2 para WordPress permite a atacantes remotos subir y ejecutar ficheros PHP de su elección mediante vectores no especificados. • https://www.exploit-db.com/exploits/4844 http://www.securityfocus.com/bid/27151 https://exchange.xforce.ibmcloud.com/vulnerabilities/39462 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0204 – Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0204
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en math-comment-spam-protection.php de la extensión Math Comment Spam Protection 2.1 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) mcsp_opt_msg_no_answer o (2) mcsp_opt_msg_wrong_answer de wp-admin/options-general.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://websecurity.com.ua/1576 http://www.securityfocus.com/archive/1/485786/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0191 – WordPress Core < 2.5 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2008-0191
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. WordPress 2.2.x y 2.3.x permite a atacantes remotos obtener información sensible mediante un parámetro p inválido en una acción rss2 al URI por defecto, lo cual revela la ruta completa y la estructura de base de datos SQL. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument663.html http://websecurity.com.ua/1634 http://www.securityfocus.com/archive/1/485786/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/39423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-6369 – PictPress <= 0.91 - Directory Traversal
https://notcve.org/view.php?id=CVE-2007-6369
Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter. Múltiples vulnerablidades de cruce de directorios en resize.php del plugin PictPress (0.91 y anteriores) para WordPress. Permite que atacantes remotos lean archivos a su elección, usando .. (punto punto) en los parámetros (1) size o (2) path. • https://www.exploit-db.com/exploits/4695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0203 – Cryptographp <= 1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0203
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cryptographp/admin.php en la extensión (plugin) Cryptographp 1.2 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, o (24) brushsize a wp-admin/options-general.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://websecurity.com.ua/1596 http://www.securityfocus.com/archive/1/485786/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •