CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2011-4669 – WordPress Users <= 1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. Vulnerabilidad de inyección SQL en wp-users.php de WordPress Users plugin v1.3 y posiblemente anterior para WordPress permite a atacantes remotos ejecutar comandos SQL a través del parámetro index.php. • http://plugins.trac.wordpress.org/changeset/448261/wordpress-users http://secunia.com/advisories/46442 http://wordpress.org/extend/plugins/wordpress-users http://www.securityfocus.com/bid/50174 https://exchange.xforce.ibmcloud.com/vulnerabilities/70683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 2CVE-2011-3860 – Cover WP <= 1.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Cover WP anteriores a v1.6.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36183 http://www.securityfocus.com/bid/50334 https://sitewat.ch/en/Advisories/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2011-3865 – Black-Letterhead <= 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3865
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Black-LetterHead anterior a v1.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO sobre index.php. • https://www.exploit-db.com/exploits/36187 https://sitewat.ch/en/Advisories/24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 1CVE-2011-3864 – The Erudite <= 2.7.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3864
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema The Erudite anteriores a v2.7.9 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro cpage. Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. • https://sitewat.ch/en/Advisories/23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 1CVE-2011-3854 – ZenLite <= 4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema ZenLite anteriores a v4.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • http://secunia.com/advisories/46296 https://sitewat.ch/en/Advisories/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •