CVE-2012-3576 – IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3576
06 Mar 2012 — Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. • http://wordpress.org/extend/plugins/wpstorecart/changelog • CWE-264: Permissions, Privileges, and Access Controls; CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-10009 – 404like Plugin 404Like.php checkPage sql injection
https://notcve.org/view.php?id=CVE-2012-10009
11 Feb 2012 — A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. ... A critical vulnerability was found in the 404like Plugin up to 1.0.2 for WordPress. ... The 404Like plugin for WordPress is vulnerable to SQL Injection via the searchWord parameter in all versions up to, and including, 1.0 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://github.com/wp-plugins/404like/commit/2c4b589d27554910ab1fd104ddbec9331b540f7f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5254 – Connections Business Directory < 0.7.1.6 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2011-5254
29 Dec 2011 — Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. The Connections plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 0.7.1.5 due to insufficient authorization checks. • http://wordpress.org/extend/plugins/connections/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3122 – WordPress Core < 3.1.3 - Media Related Security Issue
https://notcve.org/view.php?id=CVE-2011-3122
25 May 2011 — Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." • http://wordpress.org/news/2011/05/wordpress-3-1-3 • CWE-862: Missing Authorization
CVE-2011-3125 – WordPress Core < 3.1.3 - Security Hardening
https://notcve.org/view.php?id=CVE-2011-3125
25 May 2011 — Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." • http://wordpress.org/news/2011/05/wordpress-3-1-3 • CWE-20: Improper Input Validation
CVE-2009-2853 – WordPress Core < 2.8.3 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2009-2853
03 Aug 2009 — WordPress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/. • http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release • CWE-264: Permissions, Privileges, and Access Controls; CWE-862: Missing Authorization
CVE-2009-2144 – FireStats <1.6.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-2144
22 Jun 2009 — SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6767 – WordPress Core < 2.7 - Denial of Service
https://notcve.org/view.php?id=CVE-2008-6767
22 Dec 2008 — wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request. wp-admin/upgrade.php in WordPress up to and including 2.6.1, allows remote attackers... • http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html • CWE-400: Uncontrolled Resource Consumption
CVE-2008-4796 – Feed2JS File Disclosure
https://notcve.org/view.php?id=CVE-2008-4796
30 Oct 2008 — The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. • https://packetstorm.news/files/id/127352 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2008-3362 – Downloads Manager <= 0.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-3362
24 Jul 2008 — Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/. • https://www.exploit-db.com/exploits/6127 • CWE-20: Improper Input Validation; CWE-434: Unrestricted Upload of File with Dangerous Type