Page 25 of 136 results (0.022 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. El customizador en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos eludir las restricciones destinadas a la redirección a través de vectores no especificados. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91362 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos eludir las restricciones destinadas al cambio de contraseña aprovechando el conocimiento de una cookie. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91367 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8524 • CWE-255: Credentials Management Errors CWE-285: Improper Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos eludir el mecanismo de protección sanitize_file_name a través de vectores no especificados. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91364 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://wordpress.org/news/2016/06/wordpress-4-5-3 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. Vulnerabilidad de XSS en la función column_title en wp-admin/includes/class-wp-media-list-table.php en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar secuencia de comandos web o HTML a través de un nombre adjunto manipulado, una vulnerabilidad diferente a CVE-2016-5834. • http://www.securityfocus.com/bid/91368 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos obtener información sensible del histórico de revisión aprovechando la habilidad para leer un post relacionado con wp-admin/includes/ajax-actions.php y wp-admin/revision.php. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91366 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •