CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 1CVE-2013-4625 – Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4625
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. Vulnerabilidad Cross-site scripting (XSS) en files/installer.cleanup.php en el plugin Duplicator anterior a v0.4.5 para WordPress, permite a atacantes remotos ejecutar secuencias de comandos web o HTML arbitrarias a través del parámetro "package”. WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/38676 http://archives.neohapsis.com/archives/bugtraq/2013-07/0161.html http://osvdb.org/95627 http://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html http://support.lifeinthegrid.com/knowledgebase.php?article=20 http://www.securityfocus.com/bid/61425 https://exchange.xforce.ibmcloud.com/vulnerabilities/85939 https://www.htbridge.com/advisory/HTB23162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2013-5098 – Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter
https://notcve.org/view.php?id=CVE-2013-5098
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. Vulnerabilidad Cross-site scripting (XSS) en admin/admin.php en el plugin Download Monitor anterior a v3.3.6.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro “sort”, una vulnerabilidad diferente de CVE-2013-3262. • http://plugins.trac.wordpress.org/changeset/723187/download-monitor http://secunia.com/advisories/53116 http://www.securityfocus.com/bid/61407 https://exchange.xforce.ibmcloud.com/vulnerabilities/85921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2013-3262 – Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter
https://notcve.org/view.php?id=CVE-2013-3262
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. Vulnerabilidad Cross-site scripting (XSS) en admin/admin.php en el plugin Download Monitor anterior a v3.3.6.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro “p”. • http://plugins.trac.wordpress.org/changeset/723187/download-monitor http://secunia.com/advisories/53116 http://www.securityfocus.com/bid/61407 https://exchange.xforce.ibmcloud.com/vulnerabilities/85921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3491 – Sharebar <= 1.4.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3491
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. Múltiple vulnerabilidades CSRF (cross-site request forgery) en el plugin Sharebar v1.2.5 para WordPress permite a atacantes remotos secuentrar la autenticacion de administrador para solicitudes que (1) añaden o (2) modifican botones, o (3) insertar sencuencias XSS (cross-site scripting) Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.4.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. • http://secunia.com/advisories/52948 http://www.securityfocus.com/bid/60956 https://exchange.xforce.ibmcloud.com/vulnerabilities/85438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2704 – Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2704
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el pluging Dropdown Menu Widget v1.9.1 para WordPress, permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que inserten secuencias de comandos en sitios cruzados. Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.7 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. • http://secunia.com/advisories/52958 http://wordpress.org/plugins/dropdown-menu-widget/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •