CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 1CVE-2012-6527 – My Calendar < 1.10.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6527
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Cross-site scripting (XSS) en el plug-in My Calendar antes de v1.10.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del PATH_INFO. Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. • http://plugins.trac.wordpress.org/changeset/490070/my-calendar http://secunia.com/advisories/47579 http://wordpress.org/extend/plugins/my-calendar/changelog http://www.securityfocus.com/bid/51539 https://exchange.xforce.ibmcloud.com/vulnerabilities/72454 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2011-5265 – Featurific For WordPress <= 1.6.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5265
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cached_image.php en el plugin Featurific For WordPress v1.6.2 para WordPress permite a atacantes remotos insertar secuencias de comandos web arbitrarias o código HTML a través del parámetro "snum". NOTA: esta vulnerabilidad está siendo discutida por terceros. • https://www.exploit-db.com/exploits/36339 http://archives.neohapsis.com/archives/bugtraq/2012-04/0120.html http://osvdb.org/77337 http://www.securityfocus.com/archive/1/520625/100/0/threaded http://www.securityfocus.com/bid/50779 https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 2CVE-2011-3860 – Cover WP <= 1.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Cover WP anteriores a v1.6.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36183 http://www.securityfocus.com/bid/50334 https://sitewat.ch/en/Advisories/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2011-5270 – WordPress Core < 3.0.6 - Incorrect Authorization Checks
https://notcve.org/view.php?id=CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. wp-admin/press-this.php en WordPress anterior a la versión 3.0.6 no cumple los requisitos de capacidad publish_posts, lo que permite a usuarios remotos autenticados realizar acciones de publicación mediante el aprovechamiento del rol de Contributor. • http://codex.wordpress.org/Version_3.0.6 https://core.trac.wordpress.org/changeset/17710 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1762 – WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
https://notcve.org/view.php?id=CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. Se presenta un fallo en Wordpress relacionado con el script "wp-admin/press-this.php" que comprueba incorrectamente los permisos de usuario cuando son publicados posts. Esto puede permitir que un usuario con privilegios de tipo "Contributor-level" publique como si tuviera permiso "publish_posts" • https://wordpress.org/support/wordpress-version/version-3-1-2 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •