CVE-2012-2633 – WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2633
Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
References:
• http://jvn.jp/en/jp/JVN15646988/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2012-000058
• http://osvdb.org/82017
• http://plugins.trac.wordpress.org/changeset?old_path=%2Fwassup&old=545369&new_path=%2Fwassup&new=545369
• http://wordpress.org/extend/plugins/wassup/changelog
• http://www.wpwp.org/archives/wassup-1-8-3-1
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-3574 – MM Forms Community <= 2.2.6 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3574
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
References:
• https://www.exploit-db.com/exploits/18997
• http://secunia.com/advisories/49411
• http://www.opensyscom.fr/Actualites/wordpress-plugins-mm-forms-community-shell-upload-vulnerability.html
• http://www.securityfocus.com/bid/53852
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76133
Weakness: CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-3578 – FCChat Widget < 2.2.13.7 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3578
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
Updated description: Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.6 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
References:
• https://www.exploit-db.com/exploits/37370
• http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html
• http://secunia.com/advisories/49419
• http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html
• http://www.securityfocus.com/bid/53855
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76123
Weaknesses: CWE-264: Permissions, Privileges, and Access Controls; CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-3577 – Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3577
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
References:
• https://www.exploit-db.com/exploits/37353
• http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html
• http://secunia.com/advisories/49375
• http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog
• http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html
• http://www.securityfocus.com/bid/53790
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76076
Weaknesses: CWE-264: Permissions, Privileges, and Access Controls; CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-3588 – Plugin: Newsletter <= 1.5 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2012-3588
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
References:
• https://www.exploit-db.com/exploits/19018
• http://secunia.com/advisories/49464
• http://www.opensyscom.fr/Actualites/wordpress-plugins-plugin-newsletter-remote-file-disclosure-vulnerability.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76171
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')