CVSS: 7.5EPSS: 5%CPEs: 73EXPL: 3CVE-2012-0937 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0937
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time **... • https://www.exploit-db.com/exploits/18417 •
CVSS: 9.3EPSS: 1%CPEs: 73EXPL: 5CVE-2011-4899 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4899
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important i... • https://packetstorm.news/files/id/127470 •
CVSS: 7.5EPSS: 5%CPEs: 73EXPL: 4CVE-2011-4898 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4898
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would... • https://www.exploit-db.com/exploits/18417 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 48EXPL: 4CVE-2011-4671 – AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4671
08 Nov 2011 — SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). Vulnerabilidad de inyección SQL en adrotate/adrotate-out.php en el complemento AdRotate v3.6.6, y otras versiones anteriores a v3.6.8 para WordPress, permite a atacantes remotos ejecutar comandos SQL a través del parámetro track (también conocido como URL). • https://www.exploit-db.com/exploits/17888 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 32EXPL: 2CVE-2011-3850 – Atahualpa < 3.6.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3850
28 Sep 2011 — Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Atahualpa anteriores a v3.6.8 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3129 – WordPress Core <= 3.1.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2011-3129
25 May 2011 — The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. La funcionalidad de subida de archivo en WordPress 3.1 en versiones anteriores a 3.1.3 y 3.2 en versiones anteriores a Beta 2, cuando se ejecuta "en hosts con ajustes de seguridad peligrosos", tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con nombres de archiv... • http://secunia.com/advisories/49138 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3122 – WordPress Core < 3.1.3 - Media Related Security Issue
https://notcve.org/view.php?id=CVE-2011-3122
25 May 2011 — Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." Vulnerabilidad sin especificar en WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 tiene un impacto sin especificar y vectores de ataque relacionados con "Media security". • http://secunia.com/advisories/49138 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3128 – WordPress Core < 3.1.3 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2011-3128
25 May 2011 — WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 trata los archivos adjuntos "unattached" como publicados, lo que puede permitir a atacantes remotos obtener información confidencial a través de vectores de ataque relacionados con wp-includes/post.php. • http://core.trac.wordpress.org/changeset/18023/branches/3.1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2011-3125 – WordPress Core < 3.1.3 - Security Hardening
https://notcve.org/view.php?id=CVE-2011-3125
25 May 2011 — Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." Vulnerabilidad no especificada en WordPress v3.1 anterior a v3.1.3 y 3.2 anterior a Beta 2 tiene un impacto y vectores de ataque desconocidos relacionados con "Varios robustecimientos de la seguridad". • http://secunia.com/advisories/49138 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3130 – WordPress Core <= 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-3130
25 May 2011 — wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. wp-includes/taxonomy.php de WordPress 3.1 anteriores a la versión 3.1.3 y 3.2 anteriores a Beta 2 tiene un impacto desconocido y vectores de ataque relacionados con "Taxonomy query hardening", posiblemente involucrando inyección SQL. • http://secunia.com/advisories/49138 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •