CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 2CVE-2011-4803 – WPtouch <= 1.9.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en wptouch/ajax.php en el complemento WPTouch para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id • https://www.exploit-db.com/exploits/18039 http://www.exploit-db.com/exploits/18039 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2011-4669 – WordPress Users <= 1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. Vulnerabilidad de inyección SQL en wp-users.php de WordPress Users plugin v1.3 y posiblemente anterior para WordPress permite a atacantes remotos ejecutar comandos SQL a través del parámetro index.php. • http://plugins.trac.wordpress.org/changeset/448261/wordpress-users http://secunia.com/advisories/46442 http://wordpress.org/extend/plugins/wordpress-users http://www.securityfocus.com/bid/50174 https://exchange.xforce.ibmcloud.com/vulnerabilities/70683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 2CVE-2011-3860 – Cover WP <= 1.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Cover WP anteriores a v1.6.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36183 http://www.securityfocus.com/bid/50334 https://sitewat.ch/en/Advisories/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2011-3865 – Black-Letterhead <= 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3865
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Black-LetterHead anterior a v1.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO sobre index.php. • https://www.exploit-db.com/exploits/36187 https://sitewat.ch/en/Advisories/24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 1CVE-2011-3864 – The Erudite <= 2.7.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3864
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema The Erudite anteriores a v2.7.9 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro cpage. Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. • https://sitewat.ch/en/Advisories/23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •