CVE-2018-10100 – WordPress Core < 4.9.5 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. En versiones anteriores a la 4.9.5 de WordPress, la URL de redirección para la página de inicio de sesión no se validó o saneó si se forzó el uso de HTTPS. • http://www.securitytracker.com/id/1040836 https://codex.wordpress.org/Version_4.9.5 https://core.trac.wordpress.org/changeset/42892 https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9054 https://www.debian.org/security/2018/dsa-4193 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2018-6389 – WordPress Core < 5.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. En WordPress hasta la versión 4.9.2, los atacantes no autenticados puede provocar una denegación de servicio (consumo de recursos) utilizando una lista grande de archivos .js registrados (de wp-includes/script-loader.php) para construir una serie de peticiones para cargar cada archivo muchas veces. In WordPress before 5.0, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. It looks like most of the slowness was due to forcing PHP to repeatedly compress the output scripts, which was addressed in 5.0. WordPress Core suffers from a load-scripts.php denial of service vulnerability. • https://www.exploit-db.com/exploits/43968 https://github.com/safebuffer/CVE-2018-6389 https://github.com/knqyf263/CVE-2018-6389 https://github.com/armaanpathan12345/WP-DOS-Exploit-CVE-2018-6389 https://github.com/thechrono13/PoC---CVE-2018-6389 https://github.com/ianxtianxt/CVE-2018-6389 https://github.com/dsfau/wordpress-CVE-2018-6389 https://github.com/amit-pathak009/CVE-2018-6389-FIX https://github.com/Jetserver/CVE-2018-6389-FIX https://github.com/mudhappy/Wordpre • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-5776 – WordPress Core < 4.9.2 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). WordPress en versiones anteriores a la 4.9.2 tiene XSS en los archivos Flash de reserva en MediaElement (en wp-includes/js/mediaelement). • https://codex.wordpress.org/Version_4.9.2 https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850 https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-17092 – WordPress Core < 4.9.1 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-17092
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. wp-includes/functions.php en WordPress en versiones anteriores a la 4.9.1 no necesita la capacidad de unfiltered_html para subir archivos .js, lo que puede permitir que los atacantes remotos realicen ataques Cross-Site Scripting (XSS) mediante un archivo manipulado. • http://www.securityfocus.com/bid/102024 https://codex.wordpress.org/Version_4.9.1 https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509 https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8966 https://www.debian.org/security/2018/dsa-4090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-17094 – WordPress Core < 4.9.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-17094
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. wp-includes/feed.php en WordPress en versiones anteriores a la 4.9.1 no restringe contenedores en los campos RSS y Atom, lo que puede permitir que los atacantes realicen ataques Cross-Site Scripting (XSS) mediante una URL manipulada. • http://www.securityfocus.com/bid/102024 https://codex.wordpress.org/Version_4.9.1 https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8967 https://www.debian.org/security/2018/dsa-4090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •