CVE-2012-5325 – Shortcode Redirect <= 1.0.01 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5325
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
• http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt http://www.securityfocus.com/bid/51626 https://exchange.xforce.ibmcloud.com/vulnerabilities/72620
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-0898 – myEASYbackup < 1.0.9 - Directory Traversal
https://notcve.org/view.php?id=CVE-2012-0898
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
• http://packetstormsecurity.org/files/view/108711/wpmyeasybackup-traversal.txt http://secunia.com/advisories/47594 https://exchange.xforce.ibmcloud.com/vulnerabilities/72404
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-0896 – Count per Day <= 3.1 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-0896
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
• https://www.exploit-db.com/exploits/18355 http://osvdb.org/78270 http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt http://plugins.trac.wordpress.org/changeset/488883/count-per-day http://secunia.com/advisories/47529 http://wordpress.org/extend/plugins/count-per-day/changelog http://www.exploit-db.com/exploits/18355 http://www.securityfocus.com/bid/51402 https://exchange.xforce.ibmcloud.com/vulnerabilities/72385
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-6499 – Age Verification <= 0.4 - Open Redirect
https://notcve.org/view.php?id=CVE-2012-6499
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
• https://www.exploit-db.com/exploits/36540 https://www.exploit-db.com/exploits/18350 http://www.exploit-db.com/exploits/18350 http://www.osvdb.org/82584 http://www.securityfocus.com/bid/51357
• CWE-20: Improper Input Validation
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2012-5349 – Pay With Tweet <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5349
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
• https://www.exploit-db.com/exploits/18330 http://secunia.com/advisories/47475 http://wordpress.org/extend/plugins/pay-with-tweet/changelog http://www.exploit-db.com/exploits/18330 http://www.osvdb.org/78205 http://www.securityfocus.com/bid/51308 https://exchange.xforce.ibmcloud.com/vulnerabilities/72166
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')