CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7168 – WordPress Core < 4.6.1 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-7168
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. Vulnerabilidad de XSS en la función media_handle_upload en wp-admin/includes/media.php en WordPress en versiones anteriores a 4.6.1 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios engañando a un administrador para subir un archivo de imagen que tiene un nombre de archivo manipulado. • http://www.debian.org/security/2016/dsa-3681 http://www.openwall.com/lists/oss-security/2016/09/08/19 http://www.openwall.com/lists/oss-security/2016/09/08/24 http://www.securityfocus.com/bid/92841 https://codex.wordpress.org/Version_4.6.1 https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0 https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html https://wordpress.org/news/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-6897 – WordPress Core < 4.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-6897
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. Vulnerabilidad de CSRF en la función wp_ajax_update_plugin en wp-admin/includes/ajax-actions.php en WordPress en versiones anteriores a 4.6 permite a atacantes remotos secuestrar la autenticación de subscriptores para operaciones de lectura /dev/random aprovechando una llamada tardía a la función check_ajax_referer, un caso relacionado con CVE-2016-6896. Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to • https://www.exploit-db.com/exploits/40288 http://www.openwall.com/lists/oss-security/2016/08/20/1 http://www.securityfocus.com/bid/92572 http://www.securitytracker.com/id/1036683 https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568 https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html https://wpvulndb.com/vulnerabilities/8606 - • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10148 – WordPress Core < 4.6 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2016-10148
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. La función wp_ajax_update_plugin en wp-admin/includes/ajax-actions.php en WordPress en versiones anteriores a 4.6 hace una llamada get_plugin_data antes de comprobar la capacidad update_plugins, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso de lectura a través del parámetro plugin a wp-admin/admin-ajax.php, un caso relacionado con CVE-2016-6896. • http://www.openwall.com/lists/oss-security/2016/08/20/1 http://www.securityfocus.com/bid/96847 https://core.trac.wordpress.org/changeset/38168 https://core.trac.wordpress.org/ticket/37490 https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. WordPress hasta la versión 4.8.2 emplea un algoritmo débil de hash de contraseñas basado en MD5, lo que facilita que atacantes determinen valores en texto claro aprovechando el acceso a los valores hash. NOTA: la forma de cambiar esto puede no ser totalmente compatible con ciertos casos de uso, como la migración de un sitio de WordPress desde un host web que emplee una versión reciente de PHP a un host web diferente que emplee PHP 5.2. • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •