CVE-2012-5178 – Welcart e-Commerce < 1.2.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-5178
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.
• http://jvn.jp/en/jp/JVN53269985/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000109 http://www.welcart.com/community/archives/4524
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2012-5469 – Portable phpMyAdmin <= 1.3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-5469
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. The Portable phpMyAdmin plugin before 1.3.0 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. WordPress portable-phpMyAdmin plugin version 1.3.0 fails to validate the existing session, allowing a user to navigate directly to the interface.
• https://www.exploit-db.com/exploits/23356 http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-287: Improper Authentication
CVE-2012-6312 – Video Lead Form < 0.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6312
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php. WordPress Video Lead Form plugin version 0.5 suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/38066 http://archives.neohapsis.com/archives/bugtraq/2012-12/0060.html http://wordpress.org/extend/plugins/video-lead-form/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6313 – Simple Gmail Login < 1.1.4 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2012-6313
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. WordPress Simple Gmail Login plugin suffers from a stack trace error condition that can lead to full path disclosure.
• https://www.exploit-db.com/exploits/38111 http://archives.neohapsis.com/archives/bugtraq/2012-12/0061.html http://wordpress.org/extend/plugins/simple-gmail-login/changelog
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4618 – Advanced Text Widget <= 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4618
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
• https://www.exploit-db.com/exploits/36324 http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget http://wordpress.org/extend/plugins/advanced-text-widget/changelog http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities http://www.openwall.com/lists/oss-security/2011/12/19/6 http://www.securityfocus.com/archive/1/520589
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')