CVSS: 5.0EPSS: 0%CPEs: 73EXPL: 4CVE-2011-4898 – WordPress Core 3.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4898
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective ** CONTROVERTIDO ** wp-admin/setup-config.php en el componente de instalación de WordPress v3.3.1 y anteriores genera diferentes mensajes de error para las solicitudes que carecen de un parámetro dbname dependiendo de si las credenciales MySQL son válidas, lo facilita a los atacantes remotos a la hora de llevar a cabo ataque de fuerza bruta a través de un gran numero de peticiones con diferentes parámetros 'uname' y 'pwd'. NOTA: el vendedor se opone a la importancia de este problema. Por otra parte, tampoco está claro si proporcionar mensajes de error intencionalmente vagos durante la instalación es razonable desde la perspectiva de la usabilidad. WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/18417 http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html http://www.exploit-db.com/exploits/18417 https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 4CVE-2012-1125 – Kish Guest Posting <= 1.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-1125
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. Vulnerabilidad de subida de archivos sin restricción en uploadify/scripts/uploadify.php en el plugin Kish Guest Posting anterior a v1.2 para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un archivo con una extensión PHP, después accediendo al mismo a través de una petición al fichero en el directorio especificado por el parámetro folder. The Kish Guest Posting plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify/scripts/uploadify.php file in versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://www.exploit-db.com/exploits/18412 http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php http://secunia.com/advisories/47688 http://www.exploit-db.com/exploits/18412 http://www.openwall.com/lists/oss-security/2012/03/06/11 http://www.openwall.com/lists/oss-security/2012/03/06/3 http&# • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 5CVE-2012-0895 – Count per Day <= 3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0895
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el map/map.php en el módulo "Count Per Day" de Wordpress antes de su versión v3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'map'. The Count per Day plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘map’ parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://www.exploit-db.com/exploits/18355 http://osvdb.org/78271 http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt http://plugins.trac.wordpress.org/changeset/488883/count-per-day http://secunia.com/advisories/47529 http://wordpress.org/extend/plugins/count-per-day/changelog http://www.exploit-db.com/exploits/18355 http://www.securityfocus.com/bid/51402 https://exchange.xforce.ibmcloud.com/vulnerabilities/72384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 4CVE-2012-0896 – Count per Day <= 3.1 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-0896
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. Una vulnerabilidad de salto de directorio abosluto en download.php en el modulo de Wordpress llamado "Count Per Day" antes de su versión v3.1.1, permite a atacantes remotos leer ficheros de su elección mediante el parámetro 'f'. • https://www.exploit-db.com/exploits/18355 http://osvdb.org/78270 http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt http://plugins.trac.wordpress.org/changeset/488883/count-per-day http://secunia.com/advisories/47529 http://wordpress.org/extend/plugins/count-per-day/changelog http://www.exploit-db.com/exploits/18355 http://www.securityfocus.com/bid/51402 https://exchange.xforce.ibmcloud.com/vulnerabilities/72385 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 3CVE-2011-5207 – TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/OptionsPostsList.php en el plugin para WordPress TheCartPress antes de v1.1.6 anterior al 31/12/2011, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro tcp_name_post_XXXXX. • https://www.exploit-db.com/exploits/36481 http://packetstormsecurity.org/files/view/108272/wpcartpress-xss.txt http://plugins.trac.wordpress.org/changeset/482746/thecartpress http://secunia.com/advisories/47427 http://www.securityfocus.com/bid/51216 https://exchange.xforce.ibmcloud.com/vulnerabilities/72070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •