CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5832 – WordPress Core < 4.5.3 - Cross-Site Scripting via Customizer
https://notcve.org/view.php?id=CVE-2016-5832
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. El customizador en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos eludir las restricciones destinadas a la redirección a través de vectores no especificados. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91362 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5836 – WordPress Core < 4.5.3 - Denial of Service via oEmbed Protocol
https://notcve.org/view.php?id=CVE-2016-5836
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. El protocolo de implementación de oEmbed en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.securityfocus.com/bid/91363 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8523 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5837 – WordPress Core < 4.5.3 - Authorization Bypass to Remove Category Attribute
https://notcve.org/view.php?id=CVE-2016-5837
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos eludir las restricciones destinadas al acceso y eliminar un atributo de categoría desde un post a través de vectores no especificados. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91365 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8520 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5838 – WordPress Core < 4.5.3 - Password Change via Stolen Cookie
https://notcve.org/view.php?id=CVE-2016-5838
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos eludir las restricciones destinadas al cambio de contraseña aprovechando el conocimiento de una cookie. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91367 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8524 • CWE-255: Credentials Management Errors CWE-285: Improper Authorization •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2016-4566 – WordPress Core < 4.5.2 - Cross-Site Scripting via plupload.flash.swf
https://notcve.org/view.php?id=CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. Vulnerabilidad de XSS en plupload.flash.swf en Plupload en versiones anteriores a 2.1.9, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un ataque Same-Origin Method Execution (SOME). • http://www.openwall.com/lists/oss-security/2016/05/07/2 http://www.plupload.com/punbb/viewtopic.php?pid=28690 http://www.securitytracker.com/id/1035818 https://codex.wordpress.org/Version_4.5.2 https://core.trac.wordpress.org/changeset/37382 https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e https://wordpress.org/news/2016/05/wordpress-4-5-2 https://wpvulndb.com/vulnerabilities/8489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •