CVE-2012-4915 – Google Doc Embedder < 2.5.4 - Directory Traversal
https://notcve.org/view.php?id=CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. The script is reachable without authentication and returns the contents of whatever the parameter resolves to, so any file readable by the web server user is exposed; on a WordPress host that includes wp-config.php and its database credentials. Fixed in 2.5.4.
• https://www.exploit-db.com/exploits/23970 http://osvdb.org/88891 http://secunia.com/advisories/50832 http://www.securityfocus.com/bid/57133 https://exchange.xforce.ibmcloud.com/vulnerabilities/80930 http://web.archive.org/web/20130119141940/http://secunia.com/advisories/50832
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-0721 – WP PHP Widget <= 1.0.2 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2013-0721
wp-php-widget.php in the WP PHP Widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. Requesting the plugin file on its own, outside the WordPress bootstrap, produces a PHP error whose message contains the absolute filesystem path of the file. The path is not exploitable by itself but removes guesswork from file-inclusion and traversal attacks elsewhere on the site. Disabling display_errors in production and starting plugin files with a guard that exits when the ABSPATH constant is not defined both remove the disclosure.
• http://osvdb.org/ref/88/wp-php-widget.txt http://www.osvdb.org/88846 https://exchange.xforce.ibmcloud.com/vulnerabilities/80906
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0736 – Mingle Forum <= 1.0.34 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-0736
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34, and possibly earlier versions, for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors. In WordPress terms the affected admin actions are executed without a nonce check, so a page an administrator visits while logged in can submit the request and the browser attaches the administrator's cookies. The XSS leg means the same forged request can also plant script in a page the administrator later views. Secunia Research advisory 2013-6 is the primary reference.
• http://osvdb.org/96905 http://secunia.com/advisories/47687 http://secunia.com/secunia_research/2013-6 http://www.securityfocus.com/bid/62133
• CWE-352: Cross-Site Request Forgery (CSRF)
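What the fix for the CSRF entry above looks like in a WordPress plugin, and, at the top of the file, the one-line guard that closes the full path disclosure in the WP PHP Widget entry, as an added example (not code from either plugin): an admin action that changes a user's role, protected with a nonce and a capability check. The prefix demo_forum, the action name, the settings page slug and the displayed strings are assumptions for this illustration; it requires WordPress 4.3 or later (wp_roles()) and PHP 7.

```php
<?php
/*
 * Added example, not code from the Mingle Forum or WP PHP Widget plugins.
 * A WordPress admin action that changes a user's role, protected against
 * CSRF with a nonce and against privilege abuse with a capability check.
 * Assumed names: the demo_forum prefix, the action name, the page slug.
 * Requires WordPress 4.3+ (wp_roles()) and PHP 7.
 */

// Guard against direct requests to this file: WordPress functions are not
// defined outside the bootstrap, and the resulting fatal error would print
// the server path (the disclosure in CVE-2013-0721). Exit quietly instead.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

add_action( 'admin_menu', function () {
    add_options_page( 'Demo Forum', 'Demo Forum', 'promote_users',
        'demo-forum', 'demo_forum_render_settings' );
} );

// The form carries a nonce bound to the action name and the logged-in user.
// A page on an attacker's site cannot read it, so a forged POST fails below.
function demo_forum_render_settings() {
    if ( ! empty( $_GET['changed'] ) ) {
        // Output is escaped, so nothing from the request lands in the page raw.
        echo '<div class="updated"><p>Role updated for user #'
            . esc_html( (int) $_GET['changed'] ) . '</p></div>';
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'demo_forum_set_role', 'demo_forum_nonce' ); ?>
        <input type="hidden" name="action" value="demo_forum_set_role">
        <p><label>User ID <input type="number" name="user_id" min="1"></label></p>
        <p><label>Role <input type="text" name="role"></label></p>
        <?php submit_button( 'Change role' ); ?>
    </form>
    <?php
}

// The handler checks both: the nonce (stops cross-site requests riding on the
// admin's cookies) and the capability (stops a low-privilege user who can
// obtain a nonce of their own from calling the action directly).
function demo_forum_handle_set_role() {
    check_admin_referer( 'demo_forum_set_role', 'demo_forum_nonce' ); // dies on failure
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( 'You are not allowed to change roles.', '', array( 'response' => 403 ) );
    }

    $user_id = absint( $_POST['user_id'] ?? 0 );
    $role    = sanitize_key( $_POST['role'] ?? '' );
    $user    = $user_id ? get_userdata( $user_id ) : false;

    // Accept only a role that exists on this site; never store raw input.
    if ( ! $user || ! array_key_exists( $role, wp_roles()->roles ) ) {
        wp_die( 'Unknown user or role.', '', array( 'response' => 400 ) );
    }
    $user->set_role( $role );

    wp_safe_redirect( add_query_arg(
        array( 'page' => 'demo-forum', 'changed' => $user_id ),
        admin_url( 'options-general.php' )
    ) );
    exit;
}
add_action( 'admin_post_demo_forum_set_role', 'demo_forum_handle_set_role' );
```

The nonce and the capability check are not interchangeable: a nonce is issued to any logged-in user who can load the form, so without current_user_can() a subscriber could submit the action directly; without the nonce, a cross-site form submitted by a logged-in administrator would pass the capability check. Both failure modes correspond to the two outcomes listed in the entry.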
CVE-2012-5868 – WordPress Core < 4.0 - Missing Session Cookie Expiration
https://notcve.org/view.php?id=CVE-2012-5868
WordPress 3.4.2, and WordPress Core generally before 4.0, does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. In these versions the cookie is a stateless HMAC over the login name and an expiration time, and logout only clears it in the browser; a copy of the cookie captured before logout therefore remains valid on the server until that expiration. WordPress 4.0 added server-side session tokens (WP_Session_Tokens, stored in user meta) that are destroyed on logout, which is why the entry is tracked as affecting versions before 4.0.
• http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-613: Insufficient Session Expiration
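The session token API that closes this entry, used from a must-use plugin, as an added example (not WordPress core code): on an explicit logout it revokes every session of that user rather than only the one behind the current cookie, and it includes a helper an auditor can call to confirm that a captured wordpress_sec value is no longer accepted. The demo_ names are assumptions; the file assumes WordPress 5.5 or later (the wp_logout action passes the user ID since 5.5) and is meant to be placed in wp-content/mu-plugins/.

```php
<?php
/*
 * Added example, not WordPress core code. Uses the server-side session
 * token API that WordPress 4.0 introduced to fix CVE-2012-5868 and goes one
 * step further: on an explicit logout it revokes every session of the user,
 * not just the one behind the current cookie.
 * Assumes WordPress 5.5+ (wp_logout passes $user_id since 5.5). The demo_
 * prefix is an assumption for this illustration.
 */
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Core already destroys the current session token inside wp_logout(). Killing
// all of the user's tokens also invalidates a cookie captured from another
// device, which is the replay scenario the entry describes.
add_action( 'wp_logout', function ( $user_id = 0 ) {
    if ( $user_id ) {
        WP_Session_Tokens::get_instance( $user_id )->destroy_all();
    }
}, 10, 1 );

// Check helper for an auditor: given the raw value of a wordpress_sec cookie
// (format since 4.0: "login|expiration|token|hmac"), report whether the
// server still has a live session for its token. Before 4.0 there was no
// token field, so a cookie stayed valid until its expiration regardless of
// logout. The HMAC itself is checked by wp_validate_auth_cookie(), which is
// deliberately not called here so that the token lookup is visible on its own.
function demo_session_cookie_is_live( $cookie_value ) {
    $parts = wp_parse_auth_cookie( $cookie_value, 'secure_auth' );
    if ( ! $parts || (int) $parts['expiration'] < time() ) {
        return false;
    }
    $user = get_user_by( 'login', $parts['username'] );
    if ( ! $user ) {
        return false;
    }
    // verify() looks the token up in the user's stored sessions; after
    // destroy_all() above it returns false even though the HMAC is intact.
    return WP_Session_Tokens::get_instance( $user->ID )->verify( $parts['token'] );
}
```

To reproduce the check the entry describes on a 4.0+ site: copy the wordpress_sec cookie value from a logged-in admin session, log out, then run demo_session_cookie_is_live() against the copied value with WP-CLI (wp eval 'var_dump( demo_session_cookie_is_live( "..." ) );'). A site still affected by the entry has no token field at all, and wp_parse_auth_cookie() on such a three-field cookie returns false.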
CVE-2012-5177 – Welcart e-Commerce < 1.2.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5177
Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. No affected parameter is published; the vendor's fix is in 1.2.2 and the issue is tracked by JVN as JVN#18731696 / JVNDB-2012-000108.
• http://jvn.jp/en/jp/JVN18731696/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000108 http://www.welcart.com/community/archives/4524
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')