CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 4CVE-2012-0782 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0782
30 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance ** CUESTIONADA ** Varias vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en wp-admin/setup-config... • https://www.exploit-db.com/exploits/18417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 4%CPEs: 73EXPL: 5CVE-2011-4899 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4899
30 Jan 2012 — wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important i... • https://packetstorm.news/files/id/127470 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2012-0287 – WordPress Core <= 3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0287
03 Jan 2012 — Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wp-comments-post.php en WordPress v3.3.x antes de v3.3.1, cuando se utiliza Internet Explorer, permite a atacantes remotos inyectar ... • http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 48EXPL: 4CVE-2011-4671 – AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4671
08 Nov 2011 — SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). Vulnerabilidad de inyección SQL en adrotate/adrotate-out.php en el complemento AdRotate v3.6.6, y otras versiones anteriores a v3.6.8 para WordPress, permite a atacantes remotos ejecutar comandos SQL a través del parámetro track (también conocido como URL). • https://www.exploit-db.com/exploits/17888 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 1CVE-2011-3854 – ZenLite <= 4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3854
27 Sep 2011 — Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema ZenLite anteriores a v4.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • http://secunia.com/advisories/46296 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 2CVE-2010-4403 – Register Plus <= 3.5.11 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2010-4403
24 Nov 2010 — The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message. El complemento Register Plus 3.5.1 y versiones anteriores de WordPress permite a atacantes remotos obtener información confidencial a través de peticiones directas a (1) dash_widget.php y (2) register-plus.php, lo que revela la ruta de instalación en el mensaje de error.... • http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 2CVE-2010-4402 – Register Plus <= 3.5.11 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4402
24 Nov 2010 — Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en wp-login.php del complemento Register Plus 3.5.1 y versiones anteriores de Wo... • http://osvdb.org/69491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •