CVSS: 7.6 | EPSS: 0% | CPEs: 10 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.

• http://secunia.com/advisories/52962
• http://wordpress.org/extend/plugins/facebook-members/changelog
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.1 | EPSS: 0% | CPEs: 8 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

• http://secunia.com/advisories/52877
• http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

• http://secunia.com/advisories/53151
• http://wordpress.org/extend/plugins/foursquare-checkins/changelog
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 5

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.

• https://www.exploit-db.com/exploits/38458
• http://osvdb.org/92264
• http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html
• http://packetstormsecurity.com/files/128851/WordPress-HTML5-Flash-Player-SQL-Injection.html
• http://www.securityfocus.com/bid/59021
• http://www.securityfocus.com/bid/70763
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83374
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98332
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.

• https://www.exploit-db.com/exploits/38441
• http://osvdb.org/92258
• http://packetstormsecurity.com/files/121204/WordPress-Spiffy-XSPF-Player-0.1-SQL-Injection.html
• http://www.securityfocus.com/bid/58976
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83345
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')