CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3240 – Vistered Little (Unspecified Version) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3240
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en 404.php en el tema Vistered-Little para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del URI(REQUEST_URI) que accede a index.php. NOTA: Esto puede ser aprovechado para ejecutar código PHP en una sesión administrativa. The Vistered Little theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the the URI (REQUEST_URI) that accesses index.php in all known versions due to insufficient input sanitization and output escaping. • http://osvdb.org/37441 http://securityreason.com/securityalert/2807 http://www.securityfocus.com/archive/1/470837/100/0/threaded http://www.xssnews.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 9%CPEs: 1EXPL: 1CVE-2007-3140 – WordPress Core <= 2.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. Vulnerabilidad de inyección SQL en xmlrpc.php de WordPress 2.2 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través de un valor de parámetro en una llamada de método XML RPC wp.suggestCategories, vector distinto de CVE-2007-1897. • https://www.exploit-db.com/exploits/4039 http://osvdb.org/36321 http://secunia.com/advisories/25552 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.021.html http://www.securityfocus.com/bid/24344 http://www.vupen.com/english/advisories/2007/2099 https://exchange.xforce.ibmcloud.com/vulnerabilities/34746 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2007-3239 – AndyBlue Theme < 1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3239
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en searchform.php en el tema AndyBlue versiones anteriores a 20070607 para WordPress permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la porción de un URI, PHP_SELF en idex.php. NOTA. Esto puede ser aprovechado para ejecutar código PHP en una sesión administrativa. Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. • http://osvdb.org/36379 http://secunia.com/advisories/25659 http://securityreason.com/securityalert/2807 http://www.securityfocus.com/archive/1/470837/100/0/threaded http://www.securityfocus.com/bid/24490 http://www.xssnews.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 3%CPEs: 12EXPL: 0CVE-2007-1894 – WordPress Core <= 2.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1894
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-includes/general-template.php de WordPress anterior a 09/03/2007 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro year en la función wp_title. • http://chxsecurity.org/advisories/adv-1-mid.txt http://secunia.com/advisories/24485 http://secunia.com/advisories/25108 http://securityreason.com/securityalert/2526 http://trac.wordpress.org/changeset/5003 http://trac.wordpress.org/ticket/4093 http://www.debian.org/security/2007/dsa-1285 http://www.securityfocus.com/archive/1/462374/100/0/threaded http://www.securityfocus.com/bid/22902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0700
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Wordpress en versiones anteriores a v3.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) Quick/Bulk Edit title (también conocido como post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, y (5)saliendo de tags sin usar tags meta box . • http://codex.wordpress.org/Version_3.0.5 http://core.trac.wordpress.org/changeset/17397 http://core.trac.wordpress.org/changeset/17401 http://core.trac.wordpress.org/changeset/17406 http://core.trac.wordpress.org/changeset/17412 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.html http://openwall.com/lists&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •