Page 36 of 281 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2012-6633 – WordPress Core <= 3.3.2 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2012-6633

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. Vulnerabilidad de Cross-site scripting (XSS) en wp-includes/default-filters.php en WordPress antes de 3.3.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un campo slug editable. • http://codex.wordpress.org/Version_3.3.3 https://core.trac.wordpress.org/changeset/21083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 18EXPL: 0

CVE-2012-6634 – WordPress Core <= 3.3.2 - Sensitive Information Disclosure

https://notcve.org/view.php?id=CVE-2012-6634

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. wp-admin/media-upload.php en WordPress anterior a 3.3.3 permite a atacantes remotos obtener información sensible o de evitar restricciones de medios adjuntos a través de un valor post_id. • http://codex.wordpress.org/Version_3.3.3 https://core.trac.wordpress.org/changeset/21087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

CVE-2012-6635 – WordPress Core <= 3.3.2 - Sensitive Information Disclosure

https://notcve.org/view.php?id=CVE-2012-6635

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft. wp-admin/includes/class-wp-posts-list-table.php en WordPress anterior a 3.3.3 no restringe adecuadamente el accesso a la vista-resumen (excerpt-view) lo que permite a los usuarios remotos autenticados obtener información sensible al visitar un proyecto. • http://codex.wordpress.org/Version_3.3.3 https://core.trac.wordpress.org/changeset/21086 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm

https://notcve.org/view.php?id=CVE-2012-6707

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. WordPress hasta la versión 4.8.2 emplea un algoritmo débil de hash de contraseñas basado en MD5, lo que facilita que atacantes determinen valores en texto claro aprovechando el acceso a los valores hash. NOTA: la forma de cambiar esto puede no ser totalmente compatible con ciertos casos de uso, como la migración de un sitio de WordPress desde un host web que emplee una versión reciente de PHP a un host web diferente que emplee PHP 5.2. • https://core.trac.wordpress.org/ticket/21022 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •

CVSS: 9.8EPSS: 20%CPEs: 4EXPL: 4

CVE-2012-3577 – Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-3577

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. Vulnerabilidad de carba de archivo sin restricciones en doupload.php en el plugin Nmedia Member Conversation antes de v1.4 para WordPress que permite a atacantes remotos ejecutar código arbitrario mediante la subida de un archivo con una extensión ejecutable, para a continuación, acceder a través de una solicitud directa al archivo en wp-content/uploads/user_uploads. • https://www.exploit-db.com/exploits/37353 http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html http://secunia.com/advisories/49375 http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53790 https://exchange.xforce.ibmcloud.com/vulnerabilities/76076 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •