CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5856 – Uk Cookie <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5856
Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilida de ejecución de secuencias de comandos en sitios cruzados (XSS) en el complemento Uk Cookie (alias uk-cookie) para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. The WordPress UK Cookie third party plugin suffers from a cross site scripting vulnerability. • http://packetstormsecurity.org/files/118053/WordPress-UK-Cookie-Cross-Site-Scripting.html http://www.securityfocus.com/bid/56509 https://exchange.xforce.ibmcloud.com/vulnerabilities/80047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 23EXPL: 4CVE-2012-3414 – SWFUpload <= 2.2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function. Vulnerabilidad XSS (cross-site scripting) en swfupload.swf en SWFUpload v2.2.0.10 y anteriores, tal y como se utilizaba en Wordpress anterior a v3.3.2, TinyMCE Image Manager v1.1, y otros productos, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante el parámetro movieName, relacionado con la función "ExternalInterface.call" Dotclear, InstantCMS, AionWeb, and Dolphin all include a version of swfupload.swf that suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/37470 http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html http://code.google.com/p/swfupload/issues/detail?id=376 http://make.wordpress.org/core/2013/06/21/secure-swfupload http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html http://www.openwall.com/lists/oss-security/2012/07/16/4 http://www.openwall.com/lists/oss-security/2012/07/17/12 http://www.securityfocus.com/bid/54245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 2CVE-2012-5388 – White Label CMS < 1.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5388
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en wlcms-plugin.php en el plugin White Label CMS v1.5 para WordPress, permite a usuarios remotor atuenticados a inyectar secuencias de comandos web o HTML a través del parámetro wlcms_o_developer_name en una acción save sobre wp-admin/admin.php, está relacionado con CVE-2012-5387. White Label CMS version 1.5 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/22156 http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://wordpress.org/extend/plugins/white-label-cms/changelog http://www.exploit-db.com/exploits/22156 http://www.securityfocus.com/bid/56166 https://exchange.xforce.ibmcloud.com/vulnerabilities/79522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 2CVE-2012-5387 – White Label CMS < 1.5.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5387
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en wlcms-plugin.php en el plugin White Label CMS anteriores a v1.5.1 para WordPress, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que piden que modifique el nombre del desarrollador a través del parámetro wlcms_o_developer_name en una acción save sobre wp-admin/admin.php, como se demostró por el nombre de desarrollador que contiene secuencias XSS. White Label CMS version 1.5 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/22156 http://osvdb.org/86568 http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://wordpress.org/extend/plugins/white-label-cms/changelog http://www.exploit-db.com/exploits/22156 http://www.securityfocus.com/bid/56166 https://exchange.xforce.ibmcloud.com/vulnerabilities/79520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 44EXPL: 1CVE-2012-5327 – Mingle Forum <= 1.0.32.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2012-5327
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. Múltiples vulnerabilidades de inyección SQL en el complemento Mingle Forum v1.0.32.1 y otras versiones antes de v1.0.33 para WordPress podría permitir a usuarios remotos autenticados ejecutar comandos SQL a través de el parámetro(1) delete_usrgrp[] en una acción delete_usergroups, el parámetro (2) usergroup en una acción add_user_togroup, o el parámetro (3) add_forum_group_id en una acción add_forum_submit. • http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt http://plugins.trac.wordpress.org/changeset?reponame=&new=492859%40mingle-forum&old=487353%40mingle-forum http://wordpress.org/extend/plugins/mingle-forum/changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/72641 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •