CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 1CVE-2012-0934 – Theme Tuner < 0.8 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2012-0934
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. Una vulnerabilidad de inclusión de archivo PHP remoto en ajax/savetag.php en el plugin 'Theme Tuner' para Wordpress antes de v0.8 permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro TT-abspath. • http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2 http://secunia.com/advisories/47722 http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos http://wordpress.org/extend/plugins/theme-tuner/changelog http://www.securityfocus.com/bid/51636 https://exchange.xforce.ibmcloud.com/vulnerabilities/72626 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 3CVE-2012-1011 – AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-1011
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. actions.php en el complemento AllWebMenus v1.1.8 para WordPress, permite a atacantes remotos evitar restricciones de acceso intencionadas para subir y ejecutar código PHP de su elección estableciendo el HTTP_REFERER a un determinado valor, subiendo un archivo ZIP que contenga el archivo PHP y accediendo a este a través de una petición directa al archivo en un directorio no especificado. The "AllWebMenus WordPress Menu Plugin" plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the actions.php file in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. In versions 1.1.8, it's required to set the HTTP_REFERER to a certain value in order to bypass the referer protection added in v1.1.8. • https://www.exploit-db.com/exploits/18407 http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html http://secunia.com/advisories/47659 http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog http://www.exploit-db.com/exploits/18407 http://www.securityfocus.com/bid/51615 https://exchange.xforce.ibmcloud.com/vulnerabilities/72640 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 5CVE-2012-0895 – Count per Day <= 3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0895
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el map/map.php en el módulo "Count Per Day" de Wordpress antes de su versión v3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'map'. The Count per Day plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘map’ parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://www.exploit-db.com/exploits/18355 http://osvdb.org/78271 http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt http://plugins.trac.wordpress.org/changeset/488883/count-per-day http://secunia.com/advisories/47529 http://wordpress.org/extend/plugins/count-per-day/changelog http://www.exploit-db.com/exploits/18355 http://www.securityfocus.com/bid/51402 https://exchange.xforce.ibmcloud.com/vulnerabilities/72384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 3CVE-2012-1010 – AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-1010
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. Subida de ficheros sin restricción en actions.php en el complemento AllWebMenus antes de v1.1.8 para WordPress, permite a atacantes remotos ejecutar código PHP de su elección subiendo un archivo ZIP que contenga el archivo PHP y accediendo a este a través de una petición directa al archivo en un directorio no especificado. Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. • https://www.exploit-db.com/exploits/18407 http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html http://secunia.com/advisories/47659 http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog http://www.exploit-db.com/exploits/18407 http://www.securityfocus.com/bid/51615 https://exchange.xforce.ibmcloud.com/vulnerabilities/72640 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 1CVE-2012-6527 – My Calendar < 1.10.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6527
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Cross-site scripting (XSS) en el plug-in My Calendar antes de v1.10.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del PATH_INFO. Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. • http://plugins.trac.wordpress.org/changeset/490070/my-calendar http://secunia.com/advisories/47579 http://wordpress.org/extend/plugins/my-calendar/changelog http://www.securityfocus.com/bid/51539 https://exchange.xforce.ibmcloud.com/vulnerabilities/72454 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •