
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.

• http://openwall.com/lists/oss-security/2015/08/04/7
• http://www.securityfocus.com/bid/76331
• http://www.securitytracker.com/id/1033178
• https://codex.wordpress.org/Version_4.2.4
• https://core.trac.wordpress.org/changeset/33540
• https://core.trac.wordpress.org/changeset/33541
• https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release
• https://wpvulndb.com/vulnerabilities/8132
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 1% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.

• http://openwall.com/lists/oss-security/2015/08/04/7
• http://www.debian.org/security/2015/dsa-3332
• http://www.debian.org/security/2015/dsa-3383
• http://www.securityfocus.com/bid/76331
• http://www.securitytracker.com/id/1033178
• https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
• https://codex.wordpress.org/Version_4.2.4
• https://core.trac.wordpress.org/changeset/33549
• https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-mainte
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 | EPSS: 1% | CPEs: 1 | EXPL: 0

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

• http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html
• http://seclists.org/fulldisclosure/2015/Feb/42
• http://seclists.org/fulldisclosure/2015/Feb/53
• http://www.securityfocus.com/bid/72589
• http://www.securitytracker.com/id/1031749
• https://bugzilla.redhat.com/show_bug.cgi?id=1192474
• https://core.trac.wordpress.org/ticket/28633
• CWE-261: Weak Encoding for Password
• CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.

• https://core.trac.wordpress.org/ticket/21022
• CWE-261: Weak Encoding for Password
• CWE-326: Inadequate Encryption Strength