CVE-2012-6312 – Video Lead Form < 0.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6312
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
WordPress Video Lead Form plugin version 0.5 suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/38066
• http://archives.neohapsis.com/archives/bugtraq/2012-12/0060.html
• http://wordpress.org/extend/plugins/video-lead-form/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6313 – Simple Gmail Login < 1.1.4 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2012-6313
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
WordPress Simple Gmail Login plugin suffers from a stack trace error condition that can lead to full path disclosure.
• https://www.exploit-db.com/exploits/38111
• http://archives.neohapsis.com/archives/bugtraq/2012-12/0061.html
• http://wordpress.org/extend/plugins/simple-gmail-login/changelog
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4618 – Advanced Text Widget <= 2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4618
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
• https://www.exploit-db.com/exploits/36324
• http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html
• http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget
• http://wordpress.org/extend/plugins/advanced-text-widget/changelog
• http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
• http://www.openwall.com/lists/oss-security/2011/12/19/6
• http://www.securityfocus.com/archive/1/520589
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-5856 – Uk Cookie <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5856
Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
The WordPress UK Cookie third-party plugin suffers from a cross-site scripting vulnerability.
• http://packetstormsecurity.org/files/118053/WordPress-UK-Cookie-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/56509
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80047
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-3414 – SWFUpload <= 2.2.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
Dotclear, InstantCMS, AionWeb, and Dolphin all include a version of swfupload.swf that suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/37470
• http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
• http://code.google.com/p/swfupload/issues/detail?id=376
• http://make.wordpress.org/core/2013/06/21/secure-swfupload
• http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html
• http://www.openwall.com/lists/oss-security/2012/07/16/4
• http://www.openwall.com/lists/oss-security/2012/07/17/12
• http://www.securityfocus.com/bid/54245
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')