
CVE-2016-10705 – Jetpack <= 4.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10705
20 Jun 2016 — The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. • https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9357 – Akismet <= 3.1.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9357
13 Oct 2015 — The Akismet plugin before 3.1.5 for WordPress has XSS. • https://wordpress.org/plugins/akismet/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9359 – Jetpack <= 3.4.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9359
20 Apr 2015 — The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). • https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-3429 – Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html
https://notcve.org/view.php?id=CVE-2015-3429
08 Apr 2015 — Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. The security update for wordpress in DSA 3328 contained a regres... • https://packetstorm.news/files/id/131802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2010 – W3 Total Cache <= 0.9.2.8 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-2010
01 Aug 2014 — WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability. • https://packetstorm.news/files/id/130999 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2013-2008 – WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2008
01 Aug 2014 — WordPress Super Cache Plugin 1.3 has XSS. The WordPress Super Cache Plugin 1.3 has XSS via several vulnerable parameters. • http://www.openwall.com/lists/oss-security/2013/04/24/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2009 – WP Super Cache <= 1.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-2009
01 Aug 2014 — WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution. The WP Super Cache plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.2. This allows unauthenticated attackers to execute code on the server. • https://www.exploit-db.com/exploits/38494 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2013-2011 – WP Super Cache < 1.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-2011
01 Aug 2014 — WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. • http://www.openwall.com/lists/oss-security/2013/04/25/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-116: Improper Encoding or Escaping of Output

CVE-2014-0173 – Jetpack < 2.9.3 - Security Bypass
https://notcve.org/view.php?id=CVE-2014-0173
21 Apr 2014 — The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information. • http://jetpack.me/2014/04/10/jetpack-security-update • CWE-264: Permissions, Privileges, and Access Controls • CWE-285: Improper Authorization

CVE-2011-4673 – WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection
https://notcve.org/view.php?id=CVE-2011-4673
02 Dec 2011 — SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/18126 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')