CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 3CVE-2013-4954 – Pie Register <= 1.30 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4954
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades XSS en el plugin Genetech Solutions Pie-Register anterior a 1.31 para WordPress, cuando "los nuevos registros pueden establecer su propia contraseña" está activado, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de los parámetros (1) pass1 o (2) pass2 en una acción de registro. NOTA: Esta información ha sido obtenida a partir de terceros. • https://www.exploit-db.com/exploits/38643 http://osvdb.org/95160 http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register http://secunia.com/advisories/54123 http://wordpress.org/plugins/pie-register/changelog http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting http://www.securityfocus.com/bid/61140 https://exchange.xforce.ibmcloud.com/vulnerabilities/85604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 1CVE-2013-4625 – Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4625
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. Vulnerabilidad Cross-site scripting (XSS) en files/installer.cleanup.php en el plugin Duplicator anterior a v0.4.5 para WordPress, permite a atacantes remotos ejecutar secuencias de comandos web o HTML arbitrarias a través del parámetro "package”. WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/38676 http://archives.neohapsis.com/archives/bugtraq/2013-07/0161.html http://osvdb.org/95627 http://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html http://support.lifeinthegrid.com/knowledgebase.php?article=20 http://www.securityfocus.com/bid/61425 https://exchange.xforce.ibmcloud.com/vulnerabilities/85939 https://www.htbridge.com/advisory/HTB23162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2013-5098 – Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter
https://notcve.org/view.php?id=CVE-2013-5098
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. Vulnerabilidad Cross-site scripting (XSS) en admin/admin.php en el plugin Download Monitor anterior a v3.3.6.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro “sort”, una vulnerabilidad diferente de CVE-2013-3262. • http://plugins.trac.wordpress.org/changeset/723187/download-monitor http://secunia.com/advisories/53116 http://www.securityfocus.com/bid/61407 https://exchange.xforce.ibmcloud.com/vulnerabilities/85921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2013-3262 – Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter
https://notcve.org/view.php?id=CVE-2013-3262
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. Vulnerabilidad Cross-site scripting (XSS) en admin/admin.php en el plugin Download Monitor anterior a v3.3.6.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro “p”. • http://plugins.trac.wordpress.org/changeset/723187/download-monitor http://secunia.com/advisories/53116 http://www.securityfocus.com/bid/61407 https://exchange.xforce.ibmcloud.com/vulnerabilities/85921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3491 – Sharebar <= 1.4.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3491
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. Múltiple vulnerabilidades CSRF (cross-site request forgery) en el plugin Sharebar v1.2.5 para WordPress permite a atacantes remotos secuentrar la autenticacion de administrador para solicitudes que (1) añaden o (2) modifican botones, o (3) insertar sencuencias XSS (cross-site scripting) Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.4.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. • http://secunia.com/advisories/52948 http://www.securityfocus.com/bid/60956 https://exchange.xforce.ibmcloud.com/vulnerabilities/85438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •