CVE-2012-2371 – WP-FaceThumb < 0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2371
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
• https://www.exploit-db.com/exploits/37155
• http://packetstormsecurity.org/files/112658/WordPress-WP-FaceThumb-Gallery-0.1-Cross-Site-Scripting.html
• http://secunia.com/advisories/49143
• http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79
• http://www.openwall.com/lists/oss-security/2012/05/15/12
• http://www.openwall.com/lists/oss-security/2012/05/16/1
• http://www.securityfocus.com/bid/53497
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4268 – BulletProof Security < .47.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4268
Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
• http://packetstormsecurity.org/files/112618/WordPress-BulletProof-Security-Cross-Site-Scripting.html
• http://plugins.trac.wordpress.org/changeset?old_path=%2Fbulletproof-security&old=543044&new_path=%2Fbulletproof-security&new=543044
• http://wordpress.org/extend/plugins/bulletproof-security/changelog
• http://www.securityfocus.com/bid/53478
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75522
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4263 – iThemes Security < 3.2.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4263
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (iThemes) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
• http://bit51.com/software/better-wp-security/changelog
• http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html
• http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852
• http://www.securityfocus.com/bid/53480
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75523
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4272 – 2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4272
Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".
• http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798
• http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4273 – 2 Click Social Media Buttons < 0.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4273
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
• http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html
• http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798
• http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75518
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')