CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2012-5350 – Pay With Tweet <= 1.1 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2012-5350
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. Vulnerabilidad de inyección SQL en el plugin Pay With Tweet anteriores a v1.2 para Wordpress, permite a usuarios autenticados remotos con ciertos permisos ejecutar comandos SQL de su elección a través del parámetro id en un "paywithtweet shortcode". • https://www.exploit-db.com/exploits/18330 http://secunia.com/advisories/47475 http://wordpress.org/extend/plugins/pay-with-tweet/changelog http://www.exploit-db.com/exploits/18330 http://www.osvdb.org/78204 http://www.securityfocus.com/bid/51308 https://exchange.xforce.ibmcloud.com/vulnerabilities/72165 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 1CVE-2011-5192 – Pretty Link Lite < 1.5.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5192
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en pretty-Bar.php en el plugin para WordPress Pretty Link Lite antes de v1.5.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro slug. Se trata de una vulnerabilidad diferente a CVE-2011-5191a • http://plugins.trac.wordpress.org/changeset/485819/pretty-link http://secunia.com/advisories/47456 http://wordpress.org/extend/plugins/pretty-link/changelog http://www.securityfocus.com/bid/51306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2012-0287 – WordPress Core <= 3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0287
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wp-comments-post.php en WordPress v3.3.x antes de v3.3.1, cuando se utiliza Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la query string en una operación POST que no correctamente manejada por la característica "comentario duplicado detectado". • http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html http://www.securityfocus.com/bid/51237 http://www.securitytracker.com/id?1026542 https://wordpress.org/news/2012/01/wordpress-3-3-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2012-5346 – WP Live.php <= 1.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5346
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wp-live.php en el módulo WP Live.php v1.2.1 de WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 's'. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • https://www.exploit-db.com/exploits/36483 http://packetstormsecurity.org/files/108282/wplivephp-xss.txt http://www.securityfocus.com/bid/51220 https://exchange.xforce.ibmcloud.com/vulnerabilities/72080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 3CVE-2011-5207 – TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/OptionsPostsList.php en el plugin para WordPress TheCartPress antes de v1.1.6 anterior al 31/12/2011, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro tcp_name_post_XXXXX. • https://www.exploit-db.com/exploits/36481 http://packetstormsecurity.org/files/view/108272/wpcartpress-xss.txt http://plugins.trac.wordpress.org/changeset/482746/thecartpress http://secunia.com/advisories/47427 http://www.securityfocus.com/bid/51216 https://exchange.xforce.ibmcloud.com/vulnerabilities/72070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •