CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-25138 – User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2019-25138
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin https://wordpress.org/plugins/user-submitted-posts/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-11001 – User Submitted Posts < 20160215 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. El plugin user-submitted-posts versiones anteriores a 20160215 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del campo user-submitted-content. • https://wordpress.org/plugins/user-submitted-posts/#developers https://www.securityfocus.com/archive/1/537616/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7463
https://notcve.org/view.php?id=CVE-2014-7463
The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android IM5 Fans Planet (también conocido como uk.co.pixelkicks.im5) 2.3.1 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/284969 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7035
https://notcve.org/view.php?id=CVE-2014-7035
The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Harmonizers Planet (también conocida como uk.co.pixelkicks.fifthharmony) 2.3.4 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/862425 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6694
https://notcve.org/view.php?id=CVE-2014-6694
The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación 5SOS Family Planet 2.3.4 (también conocida como uk.co.pixelkicks.fivesos) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/708073 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •