CVE-2013-2204 – WordPress Core <= 3.5.1 - Content-Spoofing Attacks
https://notcve.org/view.php?id=CVE-2013-2204
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character. moxieplayer.as en Moxiecode moxieplayer, como es usado en el plugin TinyMCE Media en WordPress anterior a v3.5.2 y otros productos, no tiene en cuenta la presencia de un carácter # (signo almohadilla), durante la extracción de la QUERY_STRING, que permite a atacantes remotos para pasar parámetros arbitrarios a una aplicación Flash, y realizar ataques de suplantación de contenido, una cadena hecha a mano después de un carácter ? (signo de interrogación). • http://codex.wordpress.org/Version_3.5.2 http://wordpress.org/news/2013/06/wordpress-3-5-2 http://www.debian.org/security/2013/dsa-2718 https://bugzilla.redhat.com/show_bug.cgi?id=976784 https://github.com/moxiecode/moxieplayer/commit/b61ac518ffa2657e2dc9019b2dcf2f3f37dbfab0 • CWE-20: Improper Input Validation •
CVE-2013-2205 – WordPress Core < 3.5.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2205
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. La configuración por defecto en SWFUpload en WordPress anterior a v3.5.2 tiene una configuración security.allowDomain no restrictiva, permitiendo a atacantes remotos eludir el "Same Origin Policy" y llevar a cabo ataques cross-site scripting (XSS) a través de un sitio web manipulado. • http://codex.wordpress.org/Version_3.5.2 http://make.wordpress.org/core/2013/06/21/secure-swfupload http://wordpress.org/news/2013/06/wordpress-3-5-2 http://www.debian.org/security/2013/dsa-2718 http://www.securityfocus.com/bid/60759 https://bugzilla.redhat.com/show_bug.cgi?id=976784 • CWE-16: Configuration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2199 – WordPress Core < 3.5.2 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2013-2199
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235. La HTTP API en WordPress anteriores a v3.5.2 permite a atacantes remotos enviar peticiones HTTP a los servidores de la intranet a través de vectores no especificados, relacionado con peticiones manipuladas del lado del servidor (Server-Side Request Forgery (SSRF)), es similar a CVE-2013-0235. • http://codex.wordpress.org/Version_3.5.2 http://wordpress.org/news/2013/06/wordpress-3-5-2 http://www.debian.org/security/2013/dsa-2718 https://bugzilla.redhat.com/show_bug.cgi?id=976784 • CWE-264: Permissions, Privileges, and Access Controls CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2013-3529 – WP FuneralPress <= 1.1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3529
Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en user/obits.php del plugin WP FuneralPress versiones anteriores a v1.1.7 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetro (1) "message", (2) "photo-message", o (3) "youtube-message". • https://www.exploit-db.com/exploits/24914 http://packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.html http://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-funeral-press&old=690038&new_path=%2Fwp-funeral-press&new=690038 http://seclists.org/fulldisclosure/2013/Mar/282 http://secunia.com/advisories/52809 http://wordpress.org/extend/plugins/wp-funeral-press/changelog http://www.exploit-db.com/exploits/24914 http://www.securityfocus.com/bid/58790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0235 – WordPress Core < 3.5.1 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2013-0235
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. La API XMLRPC en WordPress anteriores a v3.5.1 permite a a atacantes remotos a enviar peticiones HTTP a servidores de la intranet, y conducir ataques de escaneo de puertos, especificando una URL origen manipulada en la respuesta a un ping, relacionado con una falsificación de petición del lado del servidor (SSRF). • http://codex.wordpress.org/Version_3.5.1 http://core.trac.wordpress.org/changeset/23330 http://wordpress.org/news/2013/01/wordpress-3-5-1 http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=904120 • CWE-918: Server-Side Request Forgery (SSRF) •