NotCVE - vendor:"WordPress"

Page 72 of 701 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 46EXPL: 0

CVE-2013-0736 – Mingle Forum <= 1.0.34 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2013-0736

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors. Múltiples vulnerabilidades CSRF en el plugin Mingle Forum 1.0.34 y posiblemente versiones anteriores para WordPress permite a atacantes remotos secuestrar la autenticación de los administradores con peticiones que (1) modifiquen los privilegios del usuario o (2) llevan a cabo ataques XSS a través de vectores sin especificar. • http://osvdb.org/96905 http://secunia.com/advisories/47687 http://secunia.com/secunia_research/2013-6 http://www.securityfocus.com/bid/62133 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-5868 – WordPress Core < 4.0 - Missing Session Cookie Expiration

https://notcve.org/view.php?id=CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. WordPress v3.4.2 no invalida una cookie de sesión wordpress_sec cookie en una acción de desconexió del administrador, lo que hace que sea más fácil para los atacantes remotos a la hora de descubrir identificadores de sesión válidos a través de un ataque de fuerza bruta, o modificar datos a través de un ataque de reproducción. WordPress Core before 4.0 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. • http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-613: Insufficient Session Expiration •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2012-5177 – Welcart e-Commerce < 1.2.2 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2012-5177

Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el plugin Welcart antes de v1.2.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN18731696/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000108 http://www.welcart.com/community/archives/4524 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2012-5178 – Welcart e-Commerce < 1.2.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2012-5178

Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el plugin Welcart v1.2.2 para WordPress permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para solicitudes que completan una compra. • http://jvn.jp/en/jp/JVN53269985/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000109 http://www.welcart.com/community/archives/4524 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 2

CVE-2012-5469 – Portable phpMyAdmin <= 1.3.0 - Authentication Bypass

https://notcve.org/view.php?id=CVE-2012-5469

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. El complemento phpMyAdmin Portable antes de v1.3.1 para WordPress permite a atacantes remotos evitar la autenticación y obtener acceso a la consola de phpMyAdmin a través de una solicitud directa al wp-content/plugins/portable-phpmyadmin/wp-pma-mod. The Portable phpMyAdmin plugin before 1.3.0 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. WordPress portable-phpMyAdmin plugin version 1.3.0 fails to validate the existing session allowing a user to navigate directly to the interface. • https://www.exploit-db.com/exploits/23356 http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •

1...70 71 72 73 74