CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. WordPress hasta la versión 4.8.2 emplea un algoritmo débil de hash de contraseñas basado en MD5, lo que facilita que atacantes determinen valores en texto claro aprovechando el acceso a los valores hash. NOTA: la forma de cambiar esto puede no ser totalmente compatible con ciertos casos de uso, como la migración de un sitio de WordPress desde un host web que emplee una versión reciente de PHP a un host web diferente que emplee PHP 5.2. • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVE-2011-3855 – F8 Lite <= 4.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3855
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema F8 Lite anteriores a v4.2.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36180 https://sitewat.ch/en/Advisories/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-3854 – ZenLite <= 4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema ZenLite anteriores a v4.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • http://secunia.com/advisories/46296 https://sitewat.ch/en/Advisories/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4277 – Embedded Video <= 4.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4277
Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en lembedded-video.php en el plugin Embedded Video v4.1 para WordPress permite a atacantes remotos inyecatar código web o HTML de su elección a través del parámetro content en wp-admin/post.php. Cross-site scripting (XSS) vulnerability in embedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php. Embedded Video WordPress Plugin suffers from a cross site scripting vulnerability. • http://www.securityfocus.com/archive/1/515345/100/0/threaded http://www.securityfocus.com/bid/45486 https://exchange.xforce.ibmcloud.com/vulnerabilities/64214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •