NotCVE - vendor:"Wordpress" product:"Wordpress" version:"3.9.2"

Page 14 of 157 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-7989 – WordPress Core < 4.3.1 - Authenticated Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-7989

15 Sep 2015 — Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. Vulnerabilidad de XSS en la tabla de lista de usuarios en WordPress en versiones anteriores a 4.3.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una dirección de e-mail manipulada, una vulnerabilidad diferente d... • http://www.debian.org/security/2015/dsa-3375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5714 – WordPress Core < 4.3.1 - Cross-Site Scripting via Shortcodes

https://notcve.org/view.php?id=CVE-2015-5714

15 Sep 2015 — Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. Vulnerabilidad de XSS en WordPress en versiones anteriores a 4.3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios aprovechando el manejo incorrecto de elementos HTML no cerrados durante el procesamiento de etiquetas acortadas. Several vulnerabilities ha... • http://www.debian.org/security/2015/dsa-3375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5715 – WordPress Core < 4.3.1 - Authorization Bypass to Information Disclosure

https://notcve.org/view.php?id=CVE-2015-5715

15 Sep 2015 — The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. La función mw_editPost en wp-includes/class-wp-xmlrpc-server.php en el subsistema XMLRPC en WordPress en versiones anteriores a 4.3.1 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y disponer para u... • http://www.debian.org/security/2015/dsa-3375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5733 – WordPress Core < 4.2.4 - Stored Cross-Site Scripting via accessibility-helper Title

https://notcve.org/view.php?id=CVE-2015-5733

04 Aug 2015 — Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title. Vulnerabilidad de XSS en la función refreshAdvancedAccessibilityOfItem en wp-admin/js/nav-menu.js en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un título de asistente de acces... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-2213 – WordPress Core < 4.2.4 - SQL Injection

https://notcve.org/view.php?id=CVE-2015-2213

04 Aug 2015 — SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. Vulnerabilidad de inyección SQL en la función wp_untrash_post_comments en wp-includes/post.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de un comentario que no es manejado correctamente después d... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5730 – WordPress Core < 4.2.4 - Timing Side-Channel Attack

https://notcve.org/view.php?id=CVE-2015-5730

04 Aug 2015 — The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated. La función sanitize_widget_instance en wp-includes/class-wp-customize-widgets.php en WordPress en versiones anteriores a 4.2.4 no usa una comparación a tiempo constante para los widgets, lo que permite a atacantes remotos l... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-208: Observable Timing Discrepancy •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5731 – WordPress Core < 4.2.4 - Cross-Site Request Forgery to Post Lockage

https://notcve.org/view.php?id=CVE-2015-5731

04 Aug 2015 — Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action. Vulnerabilidad de CSRF en wp-admin/post.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que bloquean una entrada, y por tanto ca... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5732 – WordPress Core < 4.2.4 - Cross-Site Scripting via Widget Title

https://notcve.org/view.php?id=CVE-2015-5732

04 Aug 2015 — Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title. Vulnerabilidad de XSS en la función form en la clase WP_Nav_Menu_Widget en wp-includes/default-widgets.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un título de widget. Severa... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5734 – WordPress Core < 4.2.4 - Cross-Site Scripting in Theme Preview

https://notcve.org/view.php?id=CVE-2015-5734

04 Aug 2015 — Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string. Vulnerabilidad de XSS en la implementación legacy theme preview en wp-includes/theme.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena manipulada. Several vulnerabilities have been fixed ... • http://openwall.com/lists/oss-security/2015/08/04/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-5622 – WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

https://notcve.org/view.php?id=CVE-2015-5622

23 Jul 2015 — Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. Vulnerabilidad de XSS en WordPress en versiones anteriores a 4.2.3, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del aprovechamiento del rol de Author ... • http://codex.wordpress.org/Version_4.2.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...12 13 14 15 16