CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10100 – WordPress Core < 4.9.5 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. En versiones anteriores a la 4.9.5 de WordPress, la URL de redirección para la página de inicio de sesión no se validó o saneó si se forzó el uso de HTTPS. • http://www.securitytracker.com/id/1040836 https://codex.wordpress.org/Version_4.9.5 https://core.trac.wordpress.org/changeset/42892 https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9054 https://www.debian.org/security/2018/dsa-4193 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10101 – WordPress Core < 4.9.5 - Security Misconfiguration with URL Hostnames
https://notcve.org/view.php?id=CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. En versiones anteriores a la 4.9.5 de WordPress, el validador de URL asumía URL con el nombre de host del localhost en el mismo host que el servidor de WordPress. • http://www.securityfocus.com/bid/104350 http://www.securitytracker.com/id/1040836 https://codex.wordpress.org/Version_4.9.5 https://core.trac.wordpress.org/changeset/42894 https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216 https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9053 https://www.debian.org/security/2018/dsa-4193 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10102 – WordPress Core < 4.9.5 - Authenticated Stored Cross-Site Scripting via Generator Tag
https://notcve.org/view.php?id=CVE-2018-10102
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. En versiones anteriores a la 4.9.5 de WordPress, la cadena de versión no se escapó en la función get_the_generator, lo que podría conducir a Cross-Site Scripting (XSS) en una etiqueta generator. • http://www.securityfocus.com/bid/103775 http://www.securitytracker.com/id/1040836 https://codex.wordpress.org/Version_4.9.5 https://core.trac.wordpress.org/changeset/42893 https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9055 https://www.debian.org/security/2018/dsa-4193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 15CVE-2018-6389 – WordPress Core < 5.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. En WordPress hasta la versión 4.9.2, los atacantes no autenticados puede provocar una denegación de servicio (consumo de recursos) utilizando una lista grande de archivos .js registrados (de wp-includes/script-loader.php) para construir una serie de peticiones para cargar cada archivo muchas veces. In WordPress before 5.0, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. It looks like most of the slowness was due to forcing PHP to repeatedly compress the output scripts, which was addressed in 5.0. WordPress Core suffers from a load-scripts.php denial of service vulnerability. • https://www.exploit-db.com/exploits/43968 https://github.com/safebuffer/CVE-2018-6389 https://github.com/knqyf263/CVE-2018-6389 https://github.com/armaanpathan12345/WP-DOS-Exploit-CVE-2018-6389 https://github.com/thechrono13/PoC---CVE-2018-6389 https://github.com/ianxtianxt/CVE-2018-6389 https://github.com/dsfau/wordpress-CVE-2018-6389 https://github.com/amit-pathak009/CVE-2018-6389-FIX https://github.com/Jetserver/CVE-2018-6389-FIX https://github.com/mudhappy/Wordpre • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5776 – WordPress Core < 4.9.2 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). WordPress en versiones anteriores a la 4.9.2 tiene XSS en los archivos Flash de reserva en MediaElement (en wp-includes/js/mediaelement). • https://codex.wordpress.org/Version_4.9.2 https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850 https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •