Page 18 of 165 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de redirección abierta en wp-admin/edit-tag-form.php y wp-admin/user-edit.php. • http://www.securityfocus.com/bid/100912 http://www.securitytracker.com/id/1039553 https://core.trac.wordpress.org/changeset/41398 https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8910 https://www.debian.org/security/2017/dsa-3997 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. En WordPress anteriores a 4.7.5, existe una vulnerabilidad de XSS (cross-site scripting) relacionada con la salida del personalizador, en una sesión de personalización no válida. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. En WordPress antes de 4.7.5, existe una vulnerabilidad de Cross Site Request Forgery (CSRF) en el diálogo de credenciales del sistema de archivos porque no se requiere un nonce para actualizar las credenciales. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8818 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. En WordPress anteriores a 4.7.5, existe una vulnerabilidad XSS (cross-site scripting) al intentar cargar archivos muy grandes, porque el mensaje de error no restringe adecuadamente la presentación del nombre de archivo. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8819 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. En WordPress anteriores a 4.7.5, hay una falta de verificaciones de capacidad para el envío de metadatos en la API XML-RPC. • http://www.debian.org/security/2017/dsa-3870 http://www.securityfocus.com/bid/98509 http://www.securitytracker.com/id/1038520 https://codex.wordpress.org/Version_4.7.5 https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4 https://wordpress.org/news/2017/05/wordpress-4-7-5 https://wpvulndb.com/vulnerabilities/8817 • CWE-20: Improper Input Validation CWE-285: Improper Authorization •