CVSS: 6.5 • EPSS: 0% • CPEs: 18 • EXPL: 0
CVE-2012-6633 – WordPress Core <= 3.3.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6633
27 Jun 2012 — Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.
• http://codex.wordpress.org/Version_3.3.3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5 • EPSS: 0% • CPEs: 18 • EXPL: 0
CVE-2012-6634 – WordPress Core <= 3.3.2 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2012-6634
27 Jun 2012 — wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
• http://codex.wordpress.org/Version_3.3.3
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-264: Permissions, Privileges, and Access Controls
CVSS: 4.3 • EPSS: 0% • CPEs: 18 • EXPL: 0
CVE-2012-6635 – WordPress Core <= 3.3.2 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2012-6635
27 Jun 2012 — wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
• http://codex.wordpress.org/Version_3.3.3
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-264: Permissions, Privileges, and Access Controls
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2012-6707 – WordPress Core - Informational < 6.8 - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
20 Jun 2012 — WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress wi...
• https://core.trac.wordpress.org/ticket/21022
• CWE-261: Weak Encoding for Password
• CWE-326: Inadequate Encryption Strength
CVSS: 10.0 • EPSS: 43% • CPEs: 2 • EXPL: 3
CVE-2012-3575 – RBX Gallery < 3.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3575
08 Jun 2012 — Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
• https://www.exploit-db.com/exploits/19019
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2012-2633 – WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2633
06 Jun 2012 — Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
• http://jvn.jp/en/jp/JVN15646988/index.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 9.8 • EPSS: 17% • CPEs: 2 • EXPL: 4
CVE-2012-3578 – FCChat Widget < 2.2.13.7 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3578
06 Jun 2012 — Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
• https://www.exploit-db.com/exploits/37370
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS: 9.8 • EPSS: 21% • CPEs: 3 • EXPL: 4
CVE-2012-3574 – MM Forms Community <= 2.2.6 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3574
06 Jun 2012 — Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
• https://www.exploit-db.com/exploits/18997
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS: 9.8 • EPSS: 25% • CPEs: 4 • EXPL: 4
CVE-2012-3577 – Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3577
05 Jun 2012 — Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
• https://www.exploit-db.com/exploits/37353
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS: 7.5 • EPSS: 17% • CPEs: 2 • EXPL: 3
CVE-2012-3588 – Plugin: Newsletter <= 1.5 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2012-3588
31 May 2012 — Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
• https://www.exploit-db.com/exploits/19018
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
