CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
20 Jun 2012 — WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress wi... • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 1CVE-2011-5104 – WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5104
21 Nov 2011 — Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wpsc-admin/display-sales-logs.php en el plugin para Wordpress e-Commerce v3.8.7.1 y posiblemente anteriores que permite a atacantes re... • http://osvdb.org/77249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •