CVSS: 6.1EPSS: 18%CPEs: 101EXPL: 5CVE-2009-2334 – WordPress Core <= 2.8 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service. wp-admin/admin.php en WordPress y WordPress MU antes de v2.8.1 no requiere autenticación administrativa para acceder a la configuración de un plugin, lo cual permite a atacantes remotos especificar un archivo de configuración en la página de parámetros para obtener información sensible o modificar este archivo, como se demostró por los ficheros (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, y (5) wp-ids/ids-admin.php. NOTA: esto puede ser aprovechados para vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) y denegación de servicio. • https://www.exploit-db.com/exploits/9110 http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://securitytracker.com/id?1022528 http://wordpress.org/development/2009/07/wordpress-2-8-1 http://www.debian.org/security/2009/dsa-1871 http://www.exploit-db.com/exploits/9110 http://www.osvdb.org/55712 http://www.osvdb.org/55715 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://www.securityfocus.com/bid/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2336 – WordPress Core & WordPress MU < 2.8.1 - Username Enumeration
https://notcve.org/view.php?id=CVE-2009-2336
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience." El interfaz de correo olvidado en WordPress y WordPress MU anterior a v2.8.1 muestra diferentes comportamientos para una petición de contraseña dependiendo de si existe la cuenta de usuario, lo cual permite a atacantes remotos enumerar los nombres de usuario válidos. NOTA: el fabricante informa cuestionando la importancia de esta incidencia,indicando que este comportamiendo se da por conveniencia para el usuario. • http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://securitytracker.com/id?1022528 http://www.exploit-db.com/exploits/9110 http://www.osvdb.org/55714 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://www.securityfocus.com/bid/35581 http://www.vupen.com/english/advisories/2009/1833 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html https://www.redhat.com/archives/fedora-package-an • CWE-16: Configuration CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 96%CPEs: 2EXPL: 3CVE-2009-2335 – WordPress Core & WordPress MU < 2.8.1 - Username Enumeration
https://notcve.org/view.php?id=CVE-2009-2335
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience." WordPress y WordPress MU anterior a v2.8.1 expone un comportamiento diferente para un intento fallido de acceso en función de si existe la cuenta de usuario, lo cual permite a atacantes remotos enumerar nombres de usuario válidos. NOTA: el proveedor informa de que cuestiona la importancia de esta incidencia, indicando que el comportamiento existe para conveniencia del usuario. • https://www.exploit-db.com/exploits/17702 http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked http://securitytracker.com/id?1022528 http://www.exploit-db.com/exploits/9110 http://www.osvdb.org/55713 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://www.securityfocus.com/bid/35581 http://www.vupen.com/english/advisories/2009/1833 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html https&# • CWE-16: Configuration CWE-204: Observable Response Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 26EXPL: 1CVE-2009-1030 – WordPress MU < 2.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1030
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función choose_primary_blog en wp-includes/wpmu-functions.php en WordPress MU (WPMU) anterior a v2.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la cabecera HTTP Host. • https://www.exploit-db.com/exploits/8196 http://marc.info/?l=bugtraq&m=126996727024732&w=2 http://www.securityfocus.com/archive/1/501667/100/0/threaded http://www.securityfocus.com/bid/34075 http://www.securitytracker.com/id?1021838 https://exchange.xforce.ibmcloud.com/vulnerabilities/49184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 51%CPEs: 74EXPL: 1CVE-2008-5278 – WordPress Core < 2.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función self_link en el RSS Feed Generator (wp-includes/feed.php) para WordPress versiones anteriores a v2.6.5 permite a atacantes remotos inyectar web script o HTML de su elección a través de una cabecera Host (variable HTTP_HOST). • http://osvdb.org/50214 http://secunia.com/advisories/32882 http://secunia.com/advisories/32966 http://securityreason.com/securityalert/4662 http://wordpress.org/development/2008/11/wordpress-265 http://www.securityfocus.com/archive/1/498652 http://www.securityfocus.com/bid/32476 https://exchange.xforce.ibmcloud.com/vulnerabilities/46882 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •