CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2012-2917 – Share and Follow <= 1.80.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2917
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el plugin Share and Follow v1.80.3 para Wordpress que permite a atacantes remotos inyectar código web or HTML arbitrario a través de CDN API Key (cnd-key) en una página de tipo share-and-follow-menu para wp-admin/admin.php. • https://www.exploit-db.com/exploits/37202 http://packetstormsecurity.org/files/112691/WordPress-Share-And-Follow-1.80.3-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53533 https://exchange.xforce.ibmcloud.com/vulnerabilities/75616 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2012-2759 – Login With Ajax <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2759
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el plugin "Login With Ajax" (tambien conocido como login-with-ajax) antes de v3.0.4.1 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'callback' en una acción lostpassword a wp-login.php. • http://osvdb.org/81712 http://plugins.trac.wordpress.org/changeset/541069 http://wordpress.org/extend/plugins/login-with-ajax/changelog http://www.secureworks.com/research/advisories/SWRX-2012-003 http://www.securityfocus.com/bid/53423 https://exchange.xforce.ibmcloud.com/vulnerabilities/75470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 2CVE-2012-2916 – Sabre < 1.2.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2916
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en sabre_class_admin.php en el plugin SABRE anteriores a v2.1 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro active_option sobre wp-admin/tools.php. • http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490 http://wordpress.org/extend/plugins/sabre/changelog http://www.securityfocus.com/bid/53528 https://exchange.xforce.ibmcloud.com/vulnerabilities/75615 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2012-2912 – LeagueManager <= 3.7 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2912
Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el plugin LeagueManager v3.7 para Wordpress que permite a atacantes remotos inyectar código web o html de su elección a través de (1) el parámetro group en la página show-league o (2) parámetro de sesión en la página team para wp-admin/admin.php. • http://packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53525 https://exchange.xforce.ibmcloud.com/vulnerabilities/75629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 4CVE-2012-2913 – Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2913
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el plugin Leaflet v0.0.1 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro id a (1) leaflet_layer.php o leaflet_marker.php (2), al cual se llega a través de wp-admin/admin.php. Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin before 2.3.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php. • https://www.exploit-db.com/exploits/37191 https://www.exploit-db.com/exploits/37192 http://packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53526 https://exchange.xforce.ibmcloud.com/vulnerabilities/75628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •