CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 2CVE-2011-3855 – F8 Lite <= 4.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3855
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema F8 Lite anteriores a v4.2.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36180 https://sitewat.ch/en/Advisories/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2012-1068 – WP-RecentComments <= 2.0.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1068
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función rc_ajax en core.php en el complemento WP-RecentComments v2.0.7 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro page, relacionado con la paginación AJAX. • http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php http://secunia.com/advisories/46141 http://wordpress.org/extend/plugins/wp-recentcomments/changelog http://www.osvdb.org/75635 http://www.securityfocus.com/bid/49734 https://exchange.xforce.ibmcloud.com/vulnerabilities/70003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1762 – WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
https://notcve.org/view.php?id=CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. Se presenta un fallo en Wordpress relacionado con el script "wp-admin/press-this.php" que comprueba incorrectamente los permisos de usuario cuando son publicados posts. Esto puede permitir que un usuario con privilegios de tipo "Contributor-level" publique como si tuviera permiso "publish_posts" • https://wordpress.org/support/wordpress-version/version-3-1-2 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2011-5270 – WordPress Core < 3.0.6 - Incorrect Authorization Checks
https://notcve.org/view.php?id=CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. wp-admin/press-this.php en WordPress anterior a la versión 3.0.6 no cumple los requisitos de capacidad publish_posts, lo que permite a usuarios remotos autenticados realizar acciones de publicación mediante el aprovechamiento del rol de Contributor. • http://codex.wordpress.org/Version_3.0.6 https://core.trac.wordpress.org/changeset/17710 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 6.4EPSS: 0%CPEs: 75EXPL: 0CVE-2011-4956 – WordPress Core <= 3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4956
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WordPress antes de v3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/44038 http://secunia.com/advisories/49138 http://wordpress.org/news/2011/04/wordpress-3-1-1 http://www.debian.org/security/2012/dsa-2470 http://www.openwall.com/lists/oss-security/2012/04/19/17 http://www.openwall.com/lists/oss-security/2012/04/19/6 http://www.osvdb.org/72141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •