CVSS: 9.1EPSS: 34%CPEs: 98EXPL: 1CVE-2014-0166 – WordPress Core < 3.8.2 - Authentication Cookie Forgery
https://notcve.org/view.php?id=CVE-2014-0166
08 Apr 2014 — The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. La función wp_validate_auth_cookie en wp-includes/pluggable.php en WordPress anterior a 3.7.2 y 3.8.x anterior a 3.8.2 no determina debidamente la validez de cookies de autenticación, lo que facilita a atacantes remotos obtener acceso a través de u... • https://github.com/Ettack/POC-CVE-2014-0166 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 68EXPL: 0CVE-2012-5310 – WP eCommerce < 3.8.7.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2012-5310
08 Oct 2012 — SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el plugin WP e-Commerce anterior a v3.8.7.6 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos • http://secunia.com/advisories/47627 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6707 – WordPress Core - Informational < 6.8 - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
20 Jun 2012 — WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress wi... • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 1CVE-2011-5104 – WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5104
21 Nov 2011 — Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wpsc-admin/display-sales-logs.php en el plugin para Wordpress e-Commerce v3.8.7.1 y posiblemente anteriores que permite a atacantes re... • http://osvdb.org/77249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •