Page 65 of 701 results (0.007 seconds)

CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 1

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie. wp-includes/class-phpass.php en WordPress v3.5.1, cuando un password protegido existe, permite a atacantes remotos causar una denegación de servicio (consumo de CPU) mediante una valor especialmente diseñado para cierto cookie wp-postpass. • http://archives.neohapsis.com/archives/bugtraq/2013-06/0052.html http://codex.wordpress.org/Version_3.5.2 http://openwall.com/lists/oss-security/2013/06/12/2 http://wordpress.org/news/2013/06/wordpress-3-5-2 http://www.debian.org/security/2013/dsa-2718 https://github.com/wpscanteam/wpscan/issues/219 https://vndh.net/note:wordpress-351-denial-service • CWE-310: Cryptographic Issues CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el plugin WP Maintenance Mode anterior a v1.8.8 para WordPress , permite a atacantes remotos secuestrar la autenticación de los usuarios para solicitudes que modifican la configuración de los plugins. • http://secunia.com/advisories/53125 http://wordpress.org/plugins/wp-maintenance-mode/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 105EXPL: 0

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en wp-admin/admin.php en el complemnto GRAND FlAGallery anteriores a v2.72 para WordPress permite a a atacantes remotos a inyectar secuencias de comandos Web o HTML a través del parámetro s en una acción flag-manage-gallery. • http://secunia.com/advisories/53111 http://wordpress.org/plugins/flash-album-gallery/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/dd32/debug-bar/commit/0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc https://github.com/dd32/debug-bar/releases/tag/0.8.1 https://vuldb.com/?ctiid.222739 https://vuldb.com/?id.222739 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. Vulnerabilidad CSRF (Cross-site request forgery) en el plugin ShareThis anterior a v7.0.6 para WordPress permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que modifican la configuración de este plugin. • http://secunia.com/advisories/53135 http://wordpress.org/plugins/share-this/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •