CVE-2014-0165 – WordPress Core < 3.8.2 - Contributor Users Can Publish Posts
https://notcve.org/view.php?id=CVE-2014-0165
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. WordPress anterior a 3.7.2 y 3.8.x anterior a 3.8.2 permite a usuarios remotos autenticados publicar mensajes mediante el aprovechamiento del rol de Colaborador, relacionado con wp-admin/includes/post.php y wp-admin/includes/class-wp-posts-list-table.php. • http://codex.wordpress.org/Version_3.7.2 http://codex.wordpress.org/Version_3.8.2 http://core.trac.wordpress.org/changeset/27976 http://www.debian.org/security/2014/dsa-2901 https://bugzilla.redhat.com/show_bug.cgi?id=1085866 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVE-2013-4340 – WordPress Core < 3.6.1 - Spoof Post Authorship
https://notcve.org/view.php?id=CVE-2013-4340
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. wp-admin/includes/post.php en WordPress anteriores a 3.6.1 permite a usuarios remotos autentificados falsear la autoría de una entrada aprovechando el rol Author y utilizando un parámetro user_ID modificado. • http://codex.wordpress.org/Version_3.6.1 http://core.trac.wordpress.org/changeset/25321 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html http://wordpress.org/news/2013/09/wordpress-3-6-1 http://www.debian.org/security/2013/dsa-2757 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVE-2013-5738 – WordPress Core < 3.6.1 - HTML File Upload
https://notcve.org/view.php?id=CVE-2013-5738
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file. La función get_allowed_mime_types en wp-includes/functions.php de WordPress anterior a 3.6.1 no requiere la capacidad unfiltered_html para subidas de ficheros .htm y .html lo cual podría facilitar a usuarios remotos autenticados realizar un ataque cross-site scripting (XSS) a través de un fichero manipulado • http://codex.wordpress.org/Version_3.6.1 http://core.trac.wordpress.org/changeset/25322 http://wordpress.org/news/2013/09/wordpress-3-6-1 http://www.debian.org/security/2013/dsa-2757 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5739 – WordPress Core < 3.6.1 - .swf and .exe File Upload
https://notcve.org/view.php?id=CVE-2013-5739
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. La configuración por defecto de Wordpress anteriores a 3.6.1 no previene la carga de archivos .swf y .exe, lo que podría hacer fácil para un usuario remoto autentificado realizar ataques cross-site scripting (XSS) a través de archivos manipulados, relacionado con la función get_allowed_mime_types en wp-includes/functions.php. • http://codex.wordpress.org/Version_3.6.1 http://core.trac.wordpress.org/changeset/25322 http://wordpress.org/news/2013/09/wordpress-3-6-1 http://www.debian.org/security/2013/dsa-2757 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4339 – WordPress Core < 3.6.1 - Open Redirect
https://notcve.org/view.php?id=CVE-2013-4339
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. WordPress anterior a v3.6.1 no valida adecuadamente las URLs antes de su uso en una redirección HTTP, lo que permite a atacantes remotos evitar las restricciones establecidas a las redirecciones a través de una cadena hecha mano. WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities. • http://codex.wordpress.org/Version_3.6.1 http://core.trac.wordpress.org/changeset/25323 http://core.trac.wordpress.org/changeset/25324 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html http://seclists.org/fulldisclosure/2013/Dec/174 http://wordpress.org/news/2013/09/wordpress-3-6-1 http:/ • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •