CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2012-0287 – WordPress Core <= 3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0287
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wp-comments-post.php en WordPress v3.3.x antes de v3.3.1, cuando se utiliza Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la query string en una operación POST que no correctamente manejada por la característica "comentario duplicado detectado". • http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html http://www.securityfocus.com/bid/51237 http://www.securitytracker.com/id?1026542 https://wordpress.org/news/2012/01/wordpress-3-3-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3122 – WordPress Core < 3.1.3 - Media Related Security Issue
https://notcve.org/view.php?id=CVE-2011-3122
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security." Vulnerabilidad sin especificar en WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 tiene un impacto sin especificar y vectores de ataque relacionados con "Media security". • http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 http://www.securityfocus.com/bid/47995 https://exchange.xforce.ibmcloud.com/vulnerabilities/69175 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3125 – WordPress Core < 3.1.3 - Security Hardening
https://notcve.org/view.php?id=CVE-2011-3125
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening." Vulnerabilidad no especificada en WordPress v3.1 anterior a v3.1.3 y 3.2 anterior a Beta 2 tiene un impacto y vectores de ataque desconocidos relacionados con "Varios robustecimientos de la seguridad". • http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 https://exchange.xforce.ibmcloud.com/vulnerabilities/69174 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3126 – WordPress Core < 3.1.3 - Username Enumeration
https://notcve.org/view.php?id=CVE-2011-3126
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 permite a atacantes remotos determinar nombres de usuario de no-autores a través de redirecciones "canonical". • http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 http://www.securityfocus.com/bid/47995 https://exchange.xforce.ibmcloud.com/vulnerabilities/69173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-204: Observable Response Discrepancy •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3127 – WordPress Core < 3.1.3 - Clickjacking
https://notcve.org/view.php?id=CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. WordPress v3.1 anterior a 3.1.3 y v3.2 anterior a Beta 2, no previene adecuadamente el renderizado de las páginas (1) admin o (2) login dentro de un marco en un documento HTML de terceras partes, esto facilita a los atacantes remotos realizar ataques de clickjacking a través de un sitio web manipulado. • http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 http://www.securityfocus.com/bid/47995 https://exchange.xforce.ibmcloud.com/vulnerabilities/69172 • CWE-20: Improper Input Validation CWE-1021: Improper Restriction of Rendered UI Layers or Frames •