Page 30 of 292 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 98EXPL: 0

CVE-2014-0165 – WordPress Core < 3.8.2 - Contributor Users Can Publish Posts

https://notcve.org/view.php?id=CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. WordPress anterior a 3.7.2 y 3.8.x anterior a 3.8.2 permite a usuarios remotos autenticados publicar mensajes mediante el aprovechamiento del rol de Colaborador, relacionado con wp-admin/includes/post.php y wp-admin/includes/class-wp-posts-list-table.php. • http://codex.wordpress.org/Version_3.7.2 http://codex.wordpress.org/Version_3.8.2 http://core.trac.wordpress.org/changeset/27976 http://www.debian.org/security/2014/dsa-2901 https://bugzilla.redhat.com/show_bug.cgi?id=1085866 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •

CVSS: 6.5EPSS: 1%CPEs: 98EXPL: 1

CVE-2014-0166 – WordPress Core < 3.8.2 - Authentication Cookie Forgery

https://notcve.org/view.php?id=CVE-2014-0166

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. La función wp_validate_auth_cookie en wp-includes/pluggable.php en WordPress anterior a 3.7.2 y 3.8.x anterior a 3.8.2 no determina debidamente la validez de cookies de autenticación, lo que facilita a atacantes remotos obtener acceso a través de una cookie falsificada. • https://github.com/Ettack/POC-CVE-2014-0166 http://codex.wordpress.org/Version_3.7.2 http://codex.wordpress.org/Version_3.8.2 http://core.trac.wordpress.org/changeset/28054 http://www.debian.org/security/2014/dsa-2901 https://bugzilla.redhat.com/show_bug.cgi?id=1085858 • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1

CVE-2013-7233 – WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service

https://notcve.org/view.php?id=CVE-2013-7233

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. V ulnerabilidad Cross-site request forgery (CSRF) en el componente retrospam en wp-admin/options-discussion.php en WordPress 2.0.11 y anteriores permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que mueven comentarios a la moderación de la lista. • https://www.exploit-db.com/exploits/38924 http://seclists.org/fulldisclosure/2013/Dec/145 http://www.osvdb.org/101184 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1

CVE-2013-5918 – Platinum SEO <= 1.3.7 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-5918

Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Vulnerabilidad XSS en platinum_seo_pack.php en el plugin Platinum SEO anterior a v1.3.8 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "s". • http://osvdb.org/ref/97/platinum_seo.txt http://www.osvdb.org/97263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2013-6010 – Comment Attachment <= 1.5.5 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-6010

Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." Vulnerabilidad de XSS en el plugin Comment Attachment para WordPress permite a atacantes remotos inyectar script web arbitrario o HTML a través del "Attachment field title." Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.5.5 and below for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." • http://osvdb.org/97600 http://packetstormsecurity.com/files/123327 https://exchange.xforce.ibmcloud.com/vulnerabilities/87290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •