CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 4CVE-2012-0782 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0782
30 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance ** CUESTIONADA ** Varias vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en wp-admin/setup-config... • https://www.exploit-db.com/exploits/18417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 5%CPEs: 73EXPL: 3CVE-2012-0937 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0937
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time **... • https://www.exploit-db.com/exploits/18417 •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3122 – WordPress Core < 3.1.3 - Media Related Security Issue
https://notcve.org/view.php?id=CVE-2011-3122
25 May 2011 — Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." Vulnerabilidad sin especificar en WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 tiene un impacto sin especificar y vectores de ataque relacionados con "Media security". • http://secunia.com/advisories/49138 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3125 – WordPress Core < 3.1.3 - Security Hardening
https://notcve.org/view.php?id=CVE-2011-3125
25 May 2011 — Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." Vulnerabilidad no especificada en WordPress v3.1 anterior a v3.1.3 y 3.2 anterior a Beta 2 tiene un impacto y vectores de ataque desconocidos relacionados con "Varios robustecimientos de la seguridad". • http://secunia.com/advisories/49138 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3126 – WordPress Core < 3.1.3 - Username Enumeration
https://notcve.org/view.php?id=CVE-2011-3126
25 May 2011 — WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 permite a atacantes remotos determinar nombres de usuario de no-autores a través de redirecciones "canonical". • http://secunia.com/advisories/49138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-204: Observable Response Discrepancy •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3127 – WordPress Core < 3.1.3 - Clickjacking
https://notcve.org/view.php?id=CVE-2011-3127
25 May 2011 — WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. WordPress v3.1 anterior a 3.1.3 y v3.2 anterior a Beta 2, no previene adecuadamente el renderizado de las páginas (1) admin o (2) login dentro de un marco en un documento HTML de terceras partes, esto facilita a los atacantes remotos realizar ataques de cli... • http://secunia.com/advisories/49138 • CWE-20: Improper Input Validation CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3128 – WordPress Core < 3.1.3 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2011-3128
25 May 2011 — WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 trata los archivos adjuntos "unattached" como publicados, lo que puede permitir a atacantes remotos obtener información confidencial a través de vectores de ataque relacionados con wp-includes/post.php. • http://core.trac.wordpress.org/changeset/18023/branches/3.1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3129 – WordPress Core <= 3.1.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2011-3129
25 May 2011 — The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. La funcionalidad de subida de archivo en WordPress 3.1 en versiones anteriores a 3.1.3 y 3.2 en versiones anteriores a Beta 2, cuando se ejecuta "en hosts con ajustes de seguridad peligrosos", tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con nombres de archiv... • http://secunia.com/advisories/49138 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3130 – WordPress Core <= 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-3130
25 May 2011 — wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. wp-includes/taxonomy.php de WordPress 3.1 anteriores a la versión 3.1.3 y 3.2 anteriores a Beta 2 tiene un impacto desconocido y vectores de ataque relacionados con "Taxonomy query hardening", posiblemente involucrando inyección SQL. • http://secunia.com/advisories/49138 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1762 – WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
https://notcve.org/view.php?id=CVE-2011-1762
26 Apr 2011 — A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. Se presenta un fallo en Wordpress relacionado con el script "wp-admin/press-this.php" que comprueba incorrectamente los permisos de usuario cuando son publicados posts. Esto puede permitir que un usuario con privilegios de tipo "Contributor-level" publique como si tuv... • https://wordpress.org/support/wordpress-version/version-3-1-2 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •