CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 2CVE-2011-3858 – Pixiv Custom < 2.1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Pixiv Custom anterior a v2.1.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. • https://www.exploit-db.com/exploits/36185 https://sitewat.ch/en/Advisories/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2CVE-2011-3852 – Evolve < 1.2.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3852
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema EvoLve anteriores a v1.2.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. • https://www.exploit-db.com/exploits/36182 https://sitewat.ch/en/Advisories/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 1CVE-2011-5216 – SCORM Cloud For WordPress < 1.0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5216
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en ajax.php en el pluging SCORM Cloud For WordPress anteriores a v1.0.7 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro. NOTA. Algunos de estos detalles se han obtenido de información de terceros. • http://plugins.trac.wordpress.org/changeset/435356/scormcloud http://secunia.com/advisories/47198 http://wordpress.org/extend/plugins/scormcloud/changelog http://www.osvdb.org/77679 https://exchange.xforce.ibmcloud.com/vulnerabilities/71788 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2011-4568 – FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4568
Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en view/frontend-head.php en el complemento Flowplayer antes de v1.2.12 para WordPress, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de la URI. • http://plugins.trac.wordpress.org/changeset?reponame=&new=413607%40fv-wordpress-flowplayer&old=409594%40fv-wordpress-flowplayer http://secunia.com/advisories/46346 http://wordpress.org/extend/plugins/fv-wordpress-flowplayer/changelog http://www.securityfocus.com/bid/50008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1762 – WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
https://notcve.org/view.php?id=CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. Se presenta un fallo en Wordpress relacionado con el script "wp-admin/press-this.php" que comprueba incorrectamente los permisos de usuario cuando son publicados posts. Esto puede permitir que un usuario con privilegios de tipo "Contributor-level" publique como si tuviera permiso "publish_posts" • https://wordpress.org/support/wordpress-version/version-3-1-2 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •