Page 28 of 148 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. Vulnerabilidad de inyección SQL en la función wp_untrash_post_comments en wp-includes/post.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de un comentario que no es manejado correctamente después de haber sido recuperado de la papelera de reciclaje. • http://openwall.com/lists/oss-security/2015/08/04/7 http://www.debian.org/security/2015/dsa-3332 http://www.debian.org/security/2015/dsa-3383 http://www.securityfocus.com/bid/76160 http://www.securitytracker.com/id/1033178 https://codex.wordpress.org/Version_4.2.4 https://core.trac.wordpress.org/changeset/33555 https://core.trac.wordpress.org/changeset/33556 https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release https://wpvulndb.com/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title. Vulnerabilidad de XSS en la función form en la clase WP_Nav_Menu_Widget en wp-includes/default-widgets.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un título de widget. • http://openwall.com/lists/oss-security/2015/08/04/7 http://www.debian.org/security/2015/dsa-3332 http://www.debian.org/security/2015/dsa-3383 http://www.securityfocus.com/bid/76160 http://www.securitytracker.com/id/1033178 https://codex.wordpress.org/Version_4.2.4 https://core.trac.wordpress.org/changeset/33529 https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title. Vulnerabilidad de XSS en la función refreshAdvancedAccessibilityOfItem en wp-admin/js/nav-menu.js en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un título de asistente de accesibilidad. • http://openwall.com/lists/oss-security/2015/08/04/7 http://www.securityfocus.com/bid/76331 http://www.securitytracker.com/id/1033178 https://codex.wordpress.org/Version_4.2.4 https://core.trac.wordpress.org/changeset/33540 https://core.trac.wordpress.org/changeset/33541 https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/8132 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string. Vulnerabilidad de XSS en la implementación legacy theme preview en wp-includes/theme.php en WordPress en versiones anteriores a 4.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena manipulada. • http://openwall.com/lists/oss-security/2015/08/04/7 http://www.debian.org/security/2015/dsa-3332 http://www.debian.org/security/2015/dsa-3383 http://www.securityfocus.com/bid/76331 http://www.securitytracker.com/id/1033178 https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html https://codex.wordpress.org/Version_4.2.4 https://core.trac.wordpress.org/changeset/33549 https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-mainte • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. Vulnerabilidad de XSS en WordPress en versiones anteriores a 4.2.3, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del aprovechamiento del rol de Author o Contributor para colocar un código corto manipulado dentro de un elemento HTML, relacionado con wp-includes/kses.php y wp-includes/shortcodes.php. • http://codex.wordpress.org/Version_4.2.3 http://openwall.com/lists/oss-security/2015/07/23/18 http://www.debian.org/security/2015/dsa-3328 http://www.debian.org/security/2015/dsa-3332 http://www.debian.org/security/2015/dsa-3383 http://www.securityfocus.com/bid/76011 http://www.securitytracker.com/id/1033037 https://core.trac.wordpress.org/changeset/33359 https://klikki.fi/adv/wordpress3.html https://wordpress.org/news/2015/07/wordpress-4-2-3 https:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •