CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 2CVE-2011-3863 – RedLine < 1.66 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3863
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema RedLine anteriores a v1.66 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36191 https://sitewat.ch/en/Advisories/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2CVE-2011-3852 – Evolve < 1.2.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3852
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema EvoLve anteriores a v1.2.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. • https://www.exploit-db.com/exploits/36182 https://sitewat.ch/en/Advisories/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 1CVE-2011-5216 – SCORM Cloud For WordPress < 1.0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5216
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en ajax.php en el pluging SCORM Cloud For WordPress anteriores a v1.0.7 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro. NOTA. Algunos de estos detalles se han obtenido de información de terceros. • http://plugins.trac.wordpress.org/changeset/435356/scormcloud http://secunia.com/advisories/47198 http://wordpress.org/extend/plugins/scormcloud/changelog http://www.osvdb.org/77679 https://exchange.xforce.ibmcloud.com/vulnerabilities/71788 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2011-4568 – FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4568
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en view/frontend-head.php en el complemento Flowplayer antes de v1.2.12 para WordPress, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de la URI. • http://plugins.trac.wordpress.org/changeset?reponame=&new=413607%40fv-wordpress-flowplayer&old=409594%40fv-wordpress-flowplayer http://secunia.com/advisories/46346 http://wordpress.org/extend/plugins/fv-wordpress-flowplayer/changelog http://www.securityfocus.com/bid/50008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2011-5270 – WordPress Core < 3.0.6 - Incorrect Authorization Checks
https://notcve.org/view.php?id=CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. wp-admin/press-this.php en WordPress anterior a la versión 3.0.6 no cumple los requisitos de capacidad publish_posts, lo que permite a usuarios remotos autenticados realizar acciones de publicación mediante el aprovechamiento del rol de Contributor. • http://codex.wordpress.org/Version_3.0.6 https://core.trac.wordpress.org/changeset/17710 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •