Page 40 of 197 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2010-0682 – WordPress Core < 2.9.2 - Authorization Bypass

https://notcve.org/view.php?id=CVE-2010-0682

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. WordPress v2.9 anterior a v2.9.2, permite a usuarios autenticados remotamente leer mensajes eliminados de otros autores a través de una petición directa con una modificación en el parámetro "p". • https://www.exploit-db.com/exploits/11441 http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html http://secunia.com/advisories/38592 http://secunia.com/advisories/42871 http://tmacuk.co.uk/?p=180 http://wordpress.org/development/2010/02/wordpress-2-9-2 http://www.osvdb.org/62330 https: • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2011-0700

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Wordpress en versiones anteriores a v3.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) Quick/Bulk Edit title (también conocido como post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, y (5)saliendo de tags sin usar tags meta box . • http://codex.wordpress.org/Version_3.0.5 http://core.trac.wordpress.org/changeset/17397 http://core.trac.wordpress.org/changeset/17401 http://core.trac.wordpress.org/changeset/17406 http://core.trac.wordpress.org/changeset/17412 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.html http://openwall.com/lists&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •