CVE-2014-1232 – Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1232
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/56261 http://wordpress.org/plugins/foliopress-wysiwyg/changelog http://www.securityfocus.com/bid/64666 https://exchange.xforce.ibmcloud.com/vulnerabilities/90102
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-7240 – Advanced Dewplayer < 1.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-7240
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
• https://www.exploit-db.com/exploits/38936 http://seclists.org/oss-sec/2013/q4/566 http://seclists.org/oss-sec/2013/q4/570 http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal http://www.securityfocus.com/bid/64587
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-6992 – AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6992
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. AskApache Firefox Adsense WordPress plugin version 3.0 suffers from a cross site request forgery vulnerability.
• http://osvdb.org/101435 http://www.securityfocus.com/archive/1/530539/100/0/threaded http://www.securityfocus.com/bid/64534 https://www.htbridge.com/advisory/HTB23188
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-6991 – WP-Cron Dashboard < 1.1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6991
Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. WordPress WP-Cron Dashboard plugin version 1.1.5 suffers from a cross site scripting vulnerability.
• http://wordpress.org/support/topic/wp-cron-dashboard-115-security-vulnerability-notification-xss http://www.securityfocus.com/archive/1/530536/100/0/threaded https://www.htbridge.com/advisory/HTB23189
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-7276 – Recommend to a friend <= 2.2.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7276
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter. Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.
• http://osvdb.org/101487 http://packetstormsecurity.com/files/124587/WordPress-Recommend-Cross-Site-Scripting.html http://secunia.com/advisories/56209 https://exchange.xforce.ibmcloud.com/vulnerabilities/89989
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')