CVE-2012-0898 – myEASYbackup < 1.0.9 - Directory Traversal
https://notcve.org/view.php?id=CVE-2012-0898
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
• http://packetstormsecurity.org/files/view/108711/wpmyeasybackup-traversal.txt
• http://secunia.com/advisories/47594
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72404
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-0896 – Count per Day <= 3.1 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2012-0896
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
• https://www.exploit-db.com/exploits/18355
• http://osvdb.org/78270
• http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt
• http://plugins.trac.wordpress.org/changeset/488883/count-per-day
• http://secunia.com/advisories/47529
• http://wordpress.org/extend/plugins/count-per-day/changelog
• http://www.exploit-db.com/exploits/18355
• http://www.securityfocus.com/bid/51402
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72385
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-6499 – Age Verification <= 0.4 - Open Redirect
https://notcve.org/view.php?id=CVE-2012-6499
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
• https://www.exploit-db.com/exploits/36540
• https://www.exploit-db.com/exploits/18350
• http://www.exploit-db.com/exploits/18350
• http://www.osvdb.org/82584
• http://www.securityfocus.com/bid/51357
• CWE-20: Improper Input Validation
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2012-5349 – Pay With Tweet <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5349
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
• https://www.exploit-db.com/exploits/18330
• http://secunia.com/advisories/47475
• http://wordpress.org/extend/plugins/pay-with-tweet/changelog
• http://www.exploit-db.com/exploits/18330
• http://www.osvdb.org/78205
• http://www.securityfocus.com/bid/51308
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72166
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-5350 – Pay With Tweet <= 1.1 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2012-5350
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
• https://www.exploit-db.com/exploits/18330
• http://secunia.com/advisories/47475
• http://wordpress.org/extend/plugins/pay-with-tweet/changelog
• http://www.exploit-db.com/exploits/18330
• http://www.osvdb.org/78204
• http://www.securityfocus.com/bid/51308
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72165
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')