Page 9 of 131 results (0.018 seconds)

CVSS: 4.7EPSS: 1%CPEs: 1EXPL: 0

10 Oct 2017 — WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. WordPress hasta la versión 4.8.2, cuando no se utiliza el sandboxing flashmediaelement.swf basado en dominios, permite que atacantes remotos realicen ataques de inyección de código Flash en dominios cruzados (XSF) usando código contenido en el archi... • http://www.securityfocus.com/bid/101294 • CWE-20: Improper Input Validation •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0

19 Sep 2017 — Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de Cross-Site Scripting (XSS) en el modal de enlace mediante una URL javascript: o data:. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 7%CPEs: 1EXPL: 0

19 Sep 2017 — Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. Antes de la versión 4.8.2, WordPress era vulnerable a un ataque de Cross-Site Scripting (XSS) mediante shortcodes en el editor visual TinyMCE. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 2

19 Sep 2017 — Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. Antes de la versión 4.8.2, WordPress no gestionaba correctamente caracteres % y valores de sustitución adicionales en $wpdb->prepare, por lo que no abordaba correctamente la posibilidad de que los plugins o los temas permitiesen los ataques de inyección SQL. • http://www.securityfocus.com/bid/100912 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 4%CPEs: 1EXPL: 0

19 Sep 2017 — Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de redirección abierta en wp-admin/edit-tag-form.php y wp-admin/user-edit.php. • http://www.securityfocus.com/bid/100912 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 50%CPEs: 202EXPL: 1

19 Sep 2017 — Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de salto de directorio durante operaciones de descompresión en los componentes ZipArchive y PclZip. • https://github.com/PalmTreeForest/CodePath_Week_7-8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0

19 Sep 2017 — Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Antes de la versión 4.8.2, WordPress permitía un ataque de Cross-Site Scripting (XSS) en la vista de plantilla de lista mediante un nombre de plantilla modificado. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0

19 Sep 2017 — Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. Antes de la versión 4.8.2, WordPress permitía un ataque de Cross-Site Scripting (XSS) en el editor de plugins mediante un nombre de plugin modificado. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 7%CPEs: 1EXPL: 0

19 Sep 2017 — Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. Antes de la versión 4.8.2, WordPress era vulnerable a Cross-Site Scripting (XSS) en oEmbed Discovery. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

16 May 2017 — In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. En WordPress antes de 4.7.5, existe una vulnerabilidad de Cross Site Request Forgery (CSRF) en el diálogo de credenciales del sistema de archivos porque no se requiere un nonce para actualizar las credenciales. Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force pass... • http://www.debian.org/security/2017/dsa-3870 • CWE-352: Cross-Site Request Forgery (CSRF) •