CVE-2015-9368 – Easy EU Value Added (VAT) Taxes < 1.2.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9368
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-9375 – Exchange Addon Table Rate Shipping < 1.1.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9375
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-9374 – Stripe Add-on for iThemes Exchange < 1.2.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9374
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2741 – BackupBuddy < 3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-2741
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication
CVE-2013-2744 – BackupBuddy <= 2.2.28 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2013-2744
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. The BackupBuddy plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.2.28 via a step 0 phpinfo action, which calls the phpinfo function. This can allow remote attackers to extract configuration information. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor