CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9367 – Easy Canadian Sales Taxes Add-On for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9367
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). El Add-on Easy Canadian Taxes para iThemes Exchange versiones anteriores a 1.1.0 para WordPress, tiene una vulnerabilidad de tipo XSS por medio de las funciones add_query_arg() y remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9370 – Exchange Addon Invoices < 1.4.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9370
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). El complemento Facturas para iThemes Exchange antes de 1.4.0 para WordPress tiene XSS a través de add_query_arg() y remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9379 – iThemes Builder Style Manager < 0.7.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9379
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). iThemes Builder Style Manager anterior a 0.7.7 para WordPress tiene XSS a través de add_query_arg() y remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2013-2741 – BackupBuddy < 3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-2741
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request. importbuddy.php en el complemento BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28, y v2.2.4 para WordPress no requiere autenticación, lo que permite a atacantes remotos obtener información o sobreescribir o borrar ficheros, a través de vectores (1) petición directa, (2) step=1 petición, (3) step=2 o step=3 peticiónt, o (4) step=7 petición. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2013-2742 – BackupBuddy < 3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-2742
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script. importbuddy.php en el plugin de BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28 y v2.2.4 para WordPress no es fiable queda eliminado tras completar una operación de restauración, lo que hace que sea más fácil para los atacantes remotos obtener acceso a través de las solicitudes posteriores a este script. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication •