CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3128 – WordPress Core < 3.1.3 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2011-3128
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. WordPress 3.1 anteriores a 3.1.3 y 3.2 anteriores a Beta 2 trata los archivos adjuntos "unattached" como publicados, lo que puede permitir a atacantes remotos obtener información confidencial a través de vectores de ataque relacionados con wp-includes/post.php. • http://core.trac.wordpress.org/changeset/18023/branches/3.1 http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 http://www.securityfocus.com/bid/47995 https://exchange.xforce.ibmcloud.com/vulnerabilities/69171 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3129 – WordPress Core <= 3.1.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2011-3129
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. La funcionalidad de subida de archivo en WordPress 3.1 en versiones anteriores a 3.1.3 y 3.2 en versiones anteriores a Beta 2, cuando se ejecuta "en hosts con ajustes de seguridad peligrosos", tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con nombres de archivos peligrosos. • http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 http://www.securityfocus.com/bid/47995 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3130 – WordPress Core <= 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-3130
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. wp-includes/taxonomy.php de WordPress 3.1 anteriores a la versión 3.1.3 y 3.2 anteriores a Beta 2 tiene un impacto desconocido y vectores de ataque relacionados con "Taxonomy query hardening", posiblemente involucrando inyección SQL. • http://secunia.com/advisories/49138 http://wordpress.org/news/2011/05/wordpress-3-1-3 http://www.debian.org/security/2012/dsa-2470 http://www.securityfocus.com/bid/47995 https://exchange.xforce.ibmcloud.com/vulnerabilities/69169 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1762 – WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users
https://notcve.org/view.php?id=CVE-2011-1762
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. Se presenta un fallo en Wordpress relacionado con el script "wp-admin/press-this.php" que comprueba incorrectamente los permisos de usuario cuando son publicados posts. Esto puede permitir que un usuario con privilegios de tipo "Contributor-level" publique como si tuviera permiso "publish_posts" • https://wordpress.org/support/wordpress-version/version-3-1-2 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2011-5270 – WordPress Core < 3.0.6 - Incorrect Authorization Checks
https://notcve.org/view.php?id=CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. wp-admin/press-this.php en WordPress anterior a la versión 3.0.6 no cumple los requisitos de capacidad publish_posts, lo que permite a usuarios remotos autenticados realizar acciones de publicación mediante el aprovechamiento del rol de Contributor. • http://codex.wordpress.org/Version_3.0.6 https://core.trac.wordpress.org/changeset/17710 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •