NotCVE - vendor:"Wordpress" product:"Wordpress" version:"3.1"

Page 13 of 202 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5733 – WordPress Core < 4.2.4 - Stored Cross-Site Scripting via accessibility-helper Title

https://notcve.org/view.php?id=CVE-2015-5733

04 Aug 2015 — Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title. Vulnerabilidad de XSS en la función refreshAdvancedAccessibilityOfItem en wp-admin/js/nav-menu.js en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un título de asistente de acces... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-2213 – WordPress Core < 4.2.4 - SQL Injection

https://notcve.org/view.php?id=CVE-2015-2213

04 Aug 2015 — SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. Vulnerabilidad de inyección SQL en la función wp_untrash_post_comments en wp-includes/post.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de un comentario que no es manejado correctamente después d... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5730 – WordPress Core < 4.2.4 - Timing Side-Channel Attack

https://notcve.org/view.php?id=CVE-2015-5730

04 Aug 2015 — The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated. La función sanitize_widget_instance en wp-includes/class-wp-customize-widgets.php en WordPress en versiones anteriores a 4.2.4 no usa una comparación a tiempo constante para los widgets, lo que permite a atacantes remotos l... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-208: Observable Timing Discrepancy •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5731 – WordPress Core < 4.2.4 - Cross-Site Request Forgery to Post Lockage

https://notcve.org/view.php?id=CVE-2015-5731

04 Aug 2015 — Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action. Vulnerabilidad de CSRF en wp-admin/post.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que bloquean una entrada, y por tanto ca... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5732 – WordPress Core < 4.2.4 - Cross-Site Scripting via Widget Title

https://notcve.org/view.php?id=CVE-2015-5732

04 Aug 2015 — Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title. Vulnerabilidad de XSS en la función form en la clase WP_Nav_Menu_Widget en wp-includes/default-widgets.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un título de widget. Severa... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5734 – WordPress Core < 4.2.4 - Cross-Site Scripting in Theme Preview

https://notcve.org/view.php?id=CVE-2015-5734

04 Aug 2015 — Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string. Vulnerabilidad de XSS en la implementación legacy theme preview en wp-includes/theme.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena manipulada. Several vulnerabilities have been fixed ... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-5622 – WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

https://notcve.org/view.php?id=CVE-2015-5622

23 Jul 2015 — Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. Vulnerabilidad de XSS en WordPress en versiones anteriores a 4.2.3, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del aprovechamiento del rol de Author ... • http://codex.wordpress.org/Version_4.2.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-5623 – WordPress Core < 4.2.3 - Authorization Bypass

https://notcve.org/view.php?id=CVE-2015-5623

23 Jul 2015 — WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php. Vulnerabilidad en WordPress en versiones anteriores a 4.2.3, no verifica adecuadamente la capacidad de edit_posts, lo que permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y crear borradores mediant... • http://codex.wordpress.org/Version_4.2.3 • CWE-284: Improper Access Control CWE-862: Missing Authorization •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8834 – WordPress Core < 4.2.2 - Cross-Site Scripting via Comments

https://notcve.org/view.php?id=CVE-2015-8834

07 May 2015 — Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. Vulnerabilidad de XSS en wp-includes/wp-db.php en WordPress en versiones anteriores a 4.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a tra... • http://www.debian.org/security/2016/dsa-3639 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 64%CPEs: 3EXPL: 4

CVE-2015-3440 – WordPress Core < 4.2.1 - Cross-Site Scripting via Comments

https://notcve.org/view.php?id=CVE-2015-3440

27 Apr 2015 — Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. Vulnerabilidad de XSS en wp-includes/wp-db.php en WordPress en versiones anteriores a 4.2.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un comentario largo que es almacenado indebidamente a causa de las limit... • https://www.exploit-db.com/exploits/36844 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...11 12 13 14 15