CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-7279 – S3 Video <= 0.982 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7279
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. Vulnerabilidad cross-site scripting (XSS) en views/video-management/preview_video.php en S3 Video plugin anteriores a 0.983 para Wordpress permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de un parámetro base. • http://plugins.trac.wordpress.org/changeset?old_path=%2Fs3-video&old=823847&new_path=%2Fs3-video&new=823847 http://secunia.com/advisories/56167 http://wordpress.org/plugins/s3-video/changelog http://www.securityfocus.com/bid/64420 https://exchange.xforce.ibmcloud.com/vulnerabilities/89866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2013-7233 – WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service
https://notcve.org/view.php?id=CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. V ulnerabilidad Cross-site request forgery (CSRF) en el componente retrospam en wp-admin/options-discussion.php en WordPress 2.0.11 y anteriores permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que mueven comentarios a la moderación de la lista. • https://www.exploit-db.com/exploits/38924 http://seclists.org/fulldisclosure/2013/Dec/145 http://www.osvdb.org/101184 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2013-6993 – Ad-minister <= 0.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6993
Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. Vulnerabilidad de cross-site scripting (XSS) en el plugin Ad-minister 0.6 y anteriores para WordPress permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través del parámetro key en una acción delete en wp-admin/tools.php. The Ad-minister plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.6 via the key parameter in a delete action to wp-admin/tools.php due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. WordPress Ad-minister plugin version 0.6 suffers from a cross site scripting vulnerability. • http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss http://www.securityfocus.com/archive/1/530540/100/0/threaded https://www.htbridge.com/advisory/HTB23187 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 10%CPEs: 2EXPL: 3CVE-2013-5961 – WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. Vulnerabilidad de carga de archivos sin restricción en lazyseo.php de Lazy SEO plugin 1.1.9 para WordPress permite a atacantes remotos ejecutar código PHP a discrección cargando un fichero PHP, y accediendo a él directamente en la carpeta lazy-seo/. • https://www.exploit-db.com/exploits/28452 http://osvdb.org/97662 http://packetstormsecurity.com/files/123349 http://www.exploit-db.com/exploits/28452 https://exchange.xforce.ibmcloud.com/vulnerabilities/87384 •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1CVE-2013-5918 – Platinum SEO <= 1.3.7 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-5918
Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Vulnerabilidad XSS en platinum_seo_pack.php en el plugin Platinum SEO anterior a v1.3.8 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "s". • http://osvdb.org/ref/97/platinum_seo.txt http://www.osvdb.org/97263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •