
CVSS: 6.1 • EPSS: 0% • CPEs: 21 • EXPL: 1

Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
• http://osvdb.org/ref/97/platinum_seo.txt http://www.osvdb.org/97263
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 65% • CPEs: 2 • EXPL: 2

SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.
• https://www.exploit-db.com/exploits/28485 http://archives.neohapsis.com/archives/bugtraq/2013-09/0102.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 1

Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.5.5 and below for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title."
• http://osvdb.org/97600 http://packetstormsecurity.com/files/123327 https://exchange.xforce.ibmcloud.com/vulnerabilities/87290
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 10% • CPEs: 25 • EXPL: 2

Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/.
• http://packetstormsecurity.com/files/123235 http://plugins.trac.wordpress.org/changeset?reponame=&old=774214%40simple-dropbox-upload-form%2Ftrunk&new=774214%40simple-dropbox-upload-form%2Ftrunk http://secunia.com/advisories/54856 http://wordpress.org/plugins/simple-dropbox-upload-form/changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/87166
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
• http://codex.wordpress.org/Version_3.6.1 http://core.trac.wordpress.org/changeset/25321 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html http://wordpress.org/news/2013/09/wordpress-3-6-1 http://www.debian.org/security/2013/dsa-2757
• CWE-264: Permissions, Privileges, and Access Controls • CWE-285: Improper Authorization