CVE-2013-3261 – Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3261
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
• http://secunia.com/advisories/53111
• http://wordpress.org/plugins/flash-album-gallery/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3479 – ShareThis <= 7.0.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3479
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
• http://secunia.com/advisories/53135
• http://wordpress.org/plugins/share-this/changelog
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3254 – WP Photo Album Plus < 5.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
• http://secunia.com/advisories/53105
• http://wordpress.org/extend/plugins/wp-photo-album-plus/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2707 – Login With Ajax < 3.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-2707
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
• http://secunia.com/advisories/52950
• http://wordpress.org/extend/plugins/login-with-ajax/changelog
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-2702 – Easy Plugin for AdSense < 6.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-2702
Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
• http://secunia.com/advisories/52953
• CWE-352: Cross-Site Request Forgery (CSRF)