CVE-2008-5695 – WordPress Core < 2.3.3 & WordPress MU < 1.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins. wp-admin/options.php en versiones de WordPress MU anteriores a la 1.3.2, y WordPress 2.3.2 y anteriores, no valida las solicitudes de actualización de una opción, lo que permite a usuarios remotos que tengan las capacidades manage_options y upload_files y esten autenticados, ejecutar código arbitrario subiendo un Script PHP y añadiendo la ruta de este script a los plugins activos. • https://www.exploit-db.com/exploits/5066 http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1 http://secunia.com/advisories/28789 http://securityreason.com/securityalert/4798 http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://www.securityfocus.com/bid/27633 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-2146 – WordPress Core < 2.2.3 - Restriction Bypass
https://notcve.org/view.php?id=CVE-2008-2146
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. El archivo wp-incluye/vars.php en Wordpress versiones anteriores a 2.2.3, no extrae apropiadamente la ruta (path) actual del PATH_INFO ($PHP_SELF), que permite a atacantes remotos omitir las restricciones de acceso previstas para ciertas páginas. • http://osvdb.org/45188 http://trac.wordpress.org/changeset/6029 http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10 http://trac.wordpress.org/ticket/4748 https://exchange.xforce.ibmcloud.com/vulnerabilities/42379 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVE-2007-4893 – WordPress Core <= 2.2.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. wp-admin/admin-functions.php de Wordpress versiones anteriores a 2.2.3 y Wordpress multi-user (MU) versiones anteriores a 1.2.5a no verifican apropiadamente el privilegio unfiltered_html, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS) mediante datos modificados en (1) post.php ó (2) page.php con un campo no filtrado. • http://fedoranews.org/updates/FEDORA-2007-214.shtml http://secunia.com/advisories/26771 http://secunia.com/advisories/26796 http://trac.wordpress.org/ticket/4720 http://wordpress.org/development/2007/09/wordpress-223 http://www.securityfocus.com/bid/25639 http://www.vupen.com/english/advisories/2007/3132 https://bugzilla.redhat.com/show_bug.cgi?id=285831 https://exchange.xforce.ibmcloud.com/vulnerabilities/36576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2007-3639 – WordPress Core < 2.2.2 - Open Redirect
https://notcve.org/view.php?id=CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. WordPress anterior a 2.2.2 permite a atacantes remotos redireccionar a los vistantes a otros sitios web y potencialmente obtener información sensible a través del parámetro (1) the _wp_http_referer en wp-pass.php, relacionado con la función wp_get_referer en wp-includes/functions.php; y posiblemente otros vectores relacionados en (2) wp-includes/pluggable.php y (3) la función wp_nonce_ays en wp-includes/functions.php. • http://osvdb.org/40802 http://secunia.com/advisories/30013 http://securityreason.com/securityalert/2869 http://www.debian.org/security/2008/dsa-1564 http://www.securityfocus.com/archive/1/472885/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35272 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2007-3544 – WordPress Core <= 2.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-3544
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. Vulnerabilidad e envío de archivo no restringido en (1) wp-app.php y (2) app.php de WordPresss 2.2.1 y WordPresss MU 1.2.3 permite a usuarios autenticados remotamente enviar y ejecutar código PHP de su elección a través de vectores no especificados, posiblemente relacionados con la tabla wp_postmeta y el uso de campos personalizados en anotaciones (posts) normales (sin adjuntos). • http://osvdb.org/37294 http://www.buayacorp.com/files/wordpress/wordpress-advisory.html • CWE-434: Unrestricted Upload of File with Dangerous Type •