CVE-2012-6707 – WordPress Core - Informational - All known Versions - Weak Hashing Algorithm
https://notcve.org/view.php?id=CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.
• https://core.trac.wordpress.org/ticket/21022
• CWE-261: Weak Encoding for Password; CWE-326: Inadequate Encryption Strength
CVE-2012-3575 – RBX Gallery < 3.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3575
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin before 3.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
• https://www.exploit-db.com/exploits/19019 http://secunia.com/advisories/49463 http://www.exploit-db.com/exploits/19019 http://www.opensyscom.fr/Actualites/wordpress-plugins-rbx-gallery-multiple-arbitrary-file-upload-vulnerability.html https://exchange.xforce.ibmcloud.com/vulnerabilities/76170
• CWE-264: Permissions, Privileges, and Access Controls; CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-3574 – MM Forms Community <= 2.2.6 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3574
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
• https://www.exploit-db.com/exploits/18997 http://secunia.com/advisories/49411 http://www.exploit-db.com/exploits/18997 http://www.opensyscom.fr/Actualites/wordpress-plugins-mm-forms-community-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53852 https://exchange.xforce.ibmcloud.com/vulnerabilities/76133
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-3578 – FCChat Widget < 2.2.13.7 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3578
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images. Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.6 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
• https://www.exploit-db.com/exploits/37370 http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html http://secunia.com/advisories/49419 http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53855 https://exchange.xforce.ibmcloud.com/vulnerabilities/76123
• CWE-264: Permissions, Privileges, and Access Controls; CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-3577 – Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3577
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
• https://www.exploit-db.com/exploits/37353 http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html http://secunia.com/advisories/49375 http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53790 https://exchange.xforce.ibmcloud.com/vulnerabilities/76076
• CWE-264: Permissions, Privileges, and Access Controls; CWE-434: Unrestricted Upload of File with Dangerous Type