CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-7279 – S3 Video <= 0.982 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7279
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. Vulnerabilidad cross-site scripting (XSS) en views/video-management/preview_video.php en S3 Video plugin anteriores a 0.983 para Wordpress permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de un parámetro base. • http://plugins.trac.wordpress.org/changeset?old_path=%2Fs3-video&old=823847&new_path=%2Fs3-video&new=823847 http://secunia.com/advisories/56167 http://wordpress.org/plugins/s3-video/changelog http://www.securityfocus.com/bid/64420 https://exchange.xforce.ibmcloud.com/vulnerabilities/89866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2013-7233 – WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service
https://notcve.org/view.php?id=CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. V ulnerabilidad Cross-site request forgery (CSRF) en el componente retrospam en wp-admin/options-discussion.php en WordPress 2.0.11 y anteriores permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que mueven comentarios a la moderación de la lista. • https://www.exploit-db.com/exploits/38924 http://seclists.org/fulldisclosure/2013/Dec/145 http://www.osvdb.org/101184 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2013-6993 – Ad-minister <= 0.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6993
Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. Vulnerabilidad de cross-site scripting (XSS) en el plugin Ad-minister 0.6 y anteriores para WordPress permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través del parámetro key en una acción delete en wp-admin/tools.php. The Ad-minister plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.6 via the key parameter in a delete action to wp-admin/tools.php due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. WordPress Ad-minister plugin version 0.6 suffers from a cross site scripting vulnerability. • http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss http://www.securityfocus.com/archive/1/530540/100/0/threaded https://www.htbridge.com/advisory/HTB23187 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-10027 – Blogger Importer Plugin blogger-importer.php restart cross-site request forgery
https://notcve.org/view.php?id=CVE-2013-10027
A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/wp-plugins/blogger-importer/commit/b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70 https://vuldb.com/?ctiid.230658 https://vuldb.com/?id.230658 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 10%CPEs: 2EXPL: 3CVE-2013-5961 – WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. Vulnerabilidad de carga de archivos sin restricción en lazyseo.php de Lazy SEO plugin 1.1.9 para WordPress permite a atacantes remotos ejecutar código PHP a discrección cargando un fichero PHP, y accediendo a él directamente en la carpeta lazy-seo/. • https://www.exploit-db.com/exploits/28452 http://osvdb.org/97662 http://packetstormsecurity.com/files/123349 http://www.exploit-db.com/exploits/28452 https://exchange.xforce.ibmcloud.com/vulnerabilities/87384 •