Page 48 of 259 results (0.012 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. Vulnerabilidad de inyección SQL en wp-admin/admin-ajax.php en WordPress anterior a 2.2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cookie. • https://www.exploit-db.com/exploits/3960 http://osvdb.org/36311 http://secunia.com/advisories/25345 http://secunia.com/advisories/29014 http://www.debian.org/security/2008/dsa-1502 http://www.exploit-db.com/exploits/3960 http://www.securityfocus.com/archive/1/469258/100/0/threaded http://www.securityfocus.com/bid/24076 http://www.vupen.com/english/advisories/2007/1889 http://www.waraxe.us/advisory-50.html https://exchange.xforce.ibmcloud.com/vulnerabilities/34399 •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." xmlrpc (xmlrpc.php) en WordPress versión 2.1.2, y probablemente anteriores, permite a usuarios autenticados remotos con el rol de colaborador omitir las restricciones de acceso previstas e invocar la funcionalidad publish_posts, que puede ser usada para "publish a previously saved post”. • http://secunia.com/advisories/24751 http://secunia.com/advisories/25108 http://trac.wordpress.org/ticket/4091 http://www.debian.org/security/2007/dsa-1285 http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues http://www.vupen.com/english/advisories/2007/1245 https://exchange.xforce.ibmcloud.com/vulnerabilities/33470 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 3

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. Una vulnerabilidad de inyección SQL en xmlrpc (xmlrpc.php) en WordPress versión 2.1.2, y probablemente anteriores, permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio de un valor del parámetro string en una llamada RPC XML del método mt.setPostCategories, relacionado con la variable post_id. • https://www.exploit-db.com/exploits/3656 http://secunia.com/advisories/24751 http://secunia.com/advisories/25108 http://trac.wordpress.org/ticket/4091 http://www.debian.org/security/2007/dsa-1285 http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues http://www.securityfocus.com/bid/23294 http://www.vupen.com/english/advisories/2007/1245 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 6

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.0.9 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro popuptitle de (1) wp-admin/post.php o (2) wp-admin/page-new.php. • https://www.exploit-db.com/exploits/30978 https://www.exploit-db.com/exploits/30977 http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument714.html http://websecurity.com.ua/1658 http://www.securityfocus.com/archive/1/485786/100/0/threaded http://www.securityfocus.com/bid/27123 https://exchange.xforce.ibmcloud.com/vulnerabilities/39426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 2

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el AdminPanel en WordPress 2.1.1 y anteriores permite a atacantes remotos realizar acciones privilegiadas como administradores, como se demostró con el uso de una acción de borrado en wp-admin/post.php. NOTA: este asunto podría estar apalancado en los ataques de secuencias de comandos en sitios cruzados (XSS) y robar cookies a través del parámetro post. • https://www.exploit-db.com/exploits/29682 http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0583.html http://osvdb.org/33787 http://osvdb.org/33788 http://secunia.com/advisories/24566 http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml http://www.securityfocus.com/archive/1/461351/100/0/threaded http://www.securityfocus.com/bid/22735 https://exchange.xforce.ibmcloud.com/vulnerabilities/32703 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •