CVE-2011-3818 – WordPress Core 2.9.2 and 3.0.4 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2011-3818
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. WordPress v2.9.2 y v3.0.4 permiten a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con wp-admin/includes/user.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/wordpress_2.9.2 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-5296 – WordPress Core < 3.0.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action. wp-includes/capabilities.php en WordPress anterior a la versión 3.0.2, cuando se usa una configuración Multisite, no requiere el rol Super Admin para la capacidad delete_users, lo que permite a administradores remotos autenticados evadir restricciones de acceso intencionadas a través de una acción de eliminación. • http://codex.wordpress.org/Version_3.0.2 https://core.trac.wordpress.org/changeset/15562 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2010-4536 – WordPress Core <= 3.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4536
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en KSES, como las utilizadas en WordPress antes de v3.0.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con (1) & (carácter ampersand), (2) el caso de un nombre de atributo, (3) una entidad con relleno, y (4) una entidad que no está en forma normalizada. • http://core.trac.wordpress.org/changeset/17172/branches/3.0 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053289.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053293.html http://secunia.com/advisories/42755 http://secunia.com/advisories/43000 http://wordpress.org/news/2010/12/3-0-4-update http://www.openwall.com/lists/oss-security/2010/12/30/1 http://www.securityfocus.com/bid/45620 http://www.vupen.com/english/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-5106 – WordPress Core < 3.0.3 - Access Control Bypass
https://notcve.org/view.php?id=CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role. La interfaz de publicación de XML-RPC remoto en xmlrpc.php en WordPress antes de v3.0.3 no realiza correctamente determinadas comprobaciones, lo que permite a usuarios remotos autenticados eludir restricciones de acceso, y publicar, editar o borrar mensajes, al aprovechar el rol de autor o colaborador. • http://codex.wordpress.org/Version_3.0.3 http://core.trac.wordpress.org/changeset/16803 http://openwall.com/lists/oss-security/2012/09/14/10 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVE-2010-5293 – WordPress Core < 3.0.2 - Spam Protection Bypass
https://notcve.org/view.php?id=CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. wp-includes/comment.php en WordPress anterior a la versión 3.0.2 no incluye en lista blanca los trackbacks y pingbacks en el blogroll, lo que permite a atacantes remotos evadir restricciones de SPAM intencionadas mediante una URL manipulada, tal y como se demostró mediante una URL que genera una coincidencia de subcadena. • http://codex.wordpress.org/Version_3.0.2 https://core.trac.wordpress.org/changeset/16637 https://core.trac.wordpress.org/ticket/13887 • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •