
CVE-2012-4033 – Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4033
18 Apr 2012 — Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. The Zingiri Web Shop plugin for WordPress has multiple vulnerabilities in versions up to, and including, 2.3.7. This is due to the inclusion of timthumb.php, along with several cross-site scripting and SQL injection vu... • http://forums.zingiri.com/announcements.php?aid=2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2012-3576 – IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3576
06 Mar 2012 — Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. • https://www.exploit-db.com/exploits/19023 • CWE-264: Permissions, Privileges, and Access Controls • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2012-0782 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0782
30 Jan 2012 — ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance. • https://www.exploit-db.com/exploits/18417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-0937 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0937
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time. • https://www.exploit-db.com/exploits/18417

CVE-2011-4899 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4899
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important i... • https://packetstorm.news/files/id/127470

CVE-2011-4898 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4898
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would... • https://www.exploit-db.com/exploits/18417 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-3858 – Pixiv Custom < 2.1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3858
28 Sep 2011 — Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. • https://www.exploit-db.com/exploits/36185 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1762 – WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
https://notcve.org/view.php?id=CVE-2011-1762
26 Apr 2011 — A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. • https://wordpress.org/support/wordpress-version/version-3-1-2 • CWE-276: Incorrect Default Permissions • CWE-284: Improper Access Control

CVE-2011-5270 – WordPress Core < 3.0.6 - Incorrect Authorization Checks
https://notcve.org/view.php?id=CVE-2011-5270
26 Apr 2011 — wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. • http://codex.wordpress.org/Version_3.0.6 • CWE-264: Permissions, Privileges, and Access Controls • CWE-285: Improper Authorization

CVE-2011-4956 – WordPress Core <= 3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4956
05 Apr 2011 — Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/44038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')