CVE-2016-6635 – WordPress Core < 4.5 - Cross-Site Request Forgery via wp_ajax_wp_compression_test
https://notcve.org/view.php?id=CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. Vulnerabilidad de CSRF en la función wp_ajax_wp_compression_test en wp-admin/includes/ajax-actions.php en WordPress en versiones anteriores a 4.5 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que cambian la opción de compresión de la escritura. • http://codex.wordpress.org/Version_4.5 http://www.debian.org/security/2016/dsa-3681 https://github.com/WordPress/WordPress/commit/9b7a7754133c50b82bd9d976fb5b24094f658aab https://wpvulndb.com/vulnerabilities/8475 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-2221 – WordPress Core < 4.4.2 - Open Redirect via wp_validate_redirect
https://notcve.org/view.php?id=CVE-2016-2221
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. Vulnerabilidad de redirección abierta en la función wp_validate_redirect en wp-includes/pluggable.php en WordPress en versiones anteriores a 4.4.2 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar acabo ataques de phishing a través de una URL mal formada que desencadena un análisis gramatical del nombre de host incorrecto, según lo demostrado mediante una URL https:example.com. • http://www.debian.org/security/2016/dsa-3472 http://www.securityfocus.com/bid/82463 http://www.securitytracker.com/id/1034933 https://codex.wordpress.org/Version_4.4.2 https://core.trac.wordpress.org/changeset/36444 https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8377 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-1564 – WordPress Core < 4.4.1 - Cross-Site Scripting via Theme Names
https://notcve.org/view.php?id=CVE-2016-1564
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. Múltiples vulnerabilidades de XSS en wp-includes/class-wp-theme.php en WordPress en versiones anteriores a 4.4.1 permiten a atacantes remotos inyectar comandos de web o HTML arbitrarios a través de (1) nombre de hoja de estilo o (2) nombre de plantilla para wp-admin/customize.php. • http://twitter.com/brutelogic/statuses/685105483397619713 http://www.debian.org/security/2016/dsa-3444 http://www.openwall.com/lists/oss-security/2016/01/08/4 http://www.securitytracker.com/id/1034622 https://codex.wordpress.org/Version_4.4.1 https://core.trac.wordpress.org/changeset/36185 https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6412 – WordPress Core < 4.4 - Brute Force Password Recovery Tokens
https://notcve.org/view.php?id=CVE-2014-6412
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. Las versiones anteriores a la 4.4 de WordPress facilitan que atacantes remotos puedan predecir tokens password-recovery mediante un ataque de fuerza bruta. • http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html http://seclists.org/fulldisclosure/2015/Feb/42 http://seclists.org/fulldisclosure/2015/Feb/53 http://www.securityfocus.com/bid/72589 http://www.securitytracker.com/id/1031749 https://bugzilla.redhat.com/show_bug.cgi?id=1192474 https://core.trac.wordpress.org/ticket/28633 • CWE-261: Weak Encoding for Password CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. WordPress hasta la versión 4.8.2 emplea un algoritmo débil de hash de contraseñas basado en MD5, lo que facilita que atacantes determinen valores en texto claro aprovechando el acceso a los valores hash. NOTA: la forma de cambiar esto puede no ser totalmente compatible con ciertos casos de uso, como la migración de un sitio de WordPress desde un host web que emplee una versión reciente de PHP a un host web diferente que emplee PHP 5.2. • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •