Page 26 of 136 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. El protocolo de implementación de oEmbed en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.securityfocus.com/bid/91363 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8523 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. Vulnerabilidad de XSS en la función wp_get_attachment_link en wp-includes/post-template.php en WordPress en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar secuencia de comandos web o HTML a través de un nombre adjunto manipulado, una vulnerabilidad diferente a CVE-2016-5833. • http://www.debian.org/security/2016/dsa-3639 http://www.securityfocus.com/bid/91368 http://www.securitytracker.com/id/1036163 https://codex.wordpress.org/Version_4.5.3 https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648 https://wordpress.org/news/2016/06/wordpress-4-5-3 https://wpvulndb.com/vulnerabilities/8518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." Vulnerabilidad de XSS en flash/FlashMediaElement.as en MediaElement.js en versiones anteriores a 2.21.0, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un formulario ofuscado del parámetro jsinitfunction, como es demostrado por "jsinitfunctio%gn". • http://www.openwall.com/lists/oss-security/2016/05/07/2 http://www.securitytracker.com/id/1035818 https://codex.wordpress.org/Version_4.5.2 https://core.trac.wordpress.org/changeset/37371 https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c https://github.com/johndyer/mediaelement/blob/master/changelog.md https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e https://wordpress.org/news/2016/05/wordpress-4-5-2 https://wpvulndb.com/vulnerabilities/8488 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. Vulnerabilidad de XSS en plupload.flash.swf en Plupload en versiones anteriores a 2.1.9, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un ataque Same-Origin Method Execution (SOME). • http://www.openwall.com/lists/oss-security/2016/05/07/2 http://www.plupload.com/punbb/viewtopic.php?pid=28690 http://www.securitytracker.com/id/1035818 https://codex.wordpress.org/Version_4.5.2 https://core.trac.wordpress.org/changeset/37382 https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e https://wordpress.org/news/2016/05/wordpress-4-5-2 https://wpvulndb.com/vulnerabilities/8489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de configuración de red en WordPress en versiones anteriores a 4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://codex.wordpress.org/Version_4.5 http://www.debian.org/security/2016/dsa-3681 http://www.securityfocus.com/bid/92390 https://core.trac.wordpress.org/query?status=closed&milestone=4.5 https://wpvulndb.com/vulnerabilities/8474 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •