CVE-2013-5672 – Testimonial < 2.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-5672
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; or insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.
• https://www.exploit-db.com/exploits/28054
• http://archives.neohapsis.com/archives/bugtraq/2013-09/0006.html
• http://osvdb.org/96792
• http://packetstormsecurity.com/files/123036
• http://seclists.org/fulldisclosure/2013/Sep/5
• http://seclists.org/oss-sec/2013/q3/531
• http://secunia.com/advisories/54640
• http://www.exploit-db.com/exploits/28054
• http://www.securityfocus.com/bid/62109
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86846
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-5714 – Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-5714
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
• http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html
• http://osvdb.org/96593
• http://secunia.com/advisories/54619
• http://www.iedb.ir/exploits-402.html
• http://www.securityfocus.com/bid/61977
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4626 – BackWPup < 3.0.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4626
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. WordPress BackWPup plugin version 3.0.12 suffers from a cross site scripting vulnerability.
• http://archives.neohapsis.com/archives/bugtraq/2013-08/0127.html
• http://secunia.com/advisories/54515
• http://wordpress.org/plugins/backwpup/changelog
• http://www.securityfocus.com/bid/61904
• https://www.htbridge.com/advisory/HTB23161
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3253 – Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3253
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
• http://forum.xhanch.com/index.php/topic%2C3806.0.html
• http://plugins.trac.wordpress.org/changeset/750054/xhanch-my-twitter
• http://secunia.com/advisories/53133
• http://www.securityfocus.com/bid/61629
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3256 – SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3256
Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."
• http://secunia.com/advisories/53138
• http://wordpress.org/plugins/sexybookmarks/changelog
• http://www.securityfocus.com/bid/61561
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86126
• CWE-352: Cross-Site Request Forgery (CSRF)