CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3241 – Cordobo Green Park (All Versions) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3241
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en blogroll.php en el tema cordobo-green-park para WordPress permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la porción PHP_SELF de un URI. • http://osvdb.org/36817 http://securityreason.com/securityalert/2807 http://www.securityfocus.com/archive/1/470837/100/0/threaded http://www.xssnews.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3240 – Vistered Little (Unspecified Version) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3240
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en 404.php en el tema Vistered-Little para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del URI(REQUEST_URI) que accede a index.php. NOTA: Esto puede ser aprovechado para ejecutar código PHP en una sesión administrativa. The Vistered Little theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the the URI (REQUEST_URI) that accesses index.php in all known versions due to insufficient input sanitization and output escaping. • http://osvdb.org/37441 http://securityreason.com/securityalert/2807 http://www.securityfocus.com/archive/1/470837/100/0/threaded http://www.xssnews.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 9%CPEs: 1EXPL: 1CVE-2007-3140 – WordPress Core <= 2.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. Vulnerabilidad de inyección SQL en xmlrpc.php de WordPress 2.2 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través de un valor de parámetro en una llamada de método XML RPC wp.suggestCategories, vector distinto de CVE-2007-1897. • https://www.exploit-db.com/exploits/4039 http://osvdb.org/36321 http://secunia.com/advisories/25552 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.021.html http://www.securityfocus.com/bid/24344 http://www.vupen.com/english/advisories/2007/2099 https://exchange.xforce.ibmcloud.com/vulnerabilities/34746 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2007-3239 – AndyBlue Theme < 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3239
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en searchform.php en el tema AndyBlue versiones anteriores a 20070607 para WordPress permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la porción de un URI, PHP_SELF en idex.php. NOTA. Esto puede ser aprovechado para ejecutar código PHP en una sesión administrativa. Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. • http://osvdb.org/36379 http://secunia.com/advisories/25659 http://securityreason.com/securityalert/2807 http://www.securityfocus.com/archive/1/470837/100/0/threaded http://www.securityfocus.com/bid/24490 http://www.xssnews.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4166 – Unnamed < 1.2.17.1 and Unnamed SE < 1.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4166
Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en el tema Unnamed 1.217, y Special Edition (SE) 1.02, anterior al 4/08/2007 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro s, posiblemente un problema relacionado con CVE-2007-2757, CVE-2007-4014, Y CVE-2007-4165. NOTA: algunos de estos detalles se han obtenido de información de terceros. Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme before 1.2.17.1, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. • http://osvdb.org/36604 http://secunia.com/advisories/26321 http://www.securityfocus.com/bid/25215 http://xuyiyang.com/2007/06/29/unnamed-1-217 https://exchange.xforce.ibmcloud.com/vulnerabilities/35821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •