NotCVE - vendor:"Wordpress" product:"Wordpress" version:"3.8.1"

Page 9 of 164 results (0.013 seconds)

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0

CVE-2017-14720 – WordPress Core < 4.8.2 - Cross-Site Scripting via Template Name

https://notcve.org/view.php?id=CVE-2017-14720

19 Sep 2017 — Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Antes de la versión 4.8.2, WordPress permitía un ataque de Cross-Site Scripting (XSS) en la vista de plantilla de lista mediante un nombre de plantilla modificado. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0

CVE-2017-14721 – WordPress Core < 4.8.2 - Stored Cross-Site Scripting via Plugin Names

https://notcve.org/view.php?id=CVE-2017-14721

19 Sep 2017 — Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. Antes de la versión 4.8.2, WordPress permitía un ataque de Cross-Site Scripting (XSS) en el editor de plugins mediante un nombre de plugin modificado. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 7%CPEs: 1EXPL: 0

CVE-2017-14724 – WordPress Core < 4.8.2 - Cross-Site Scripting in oEmbed

https://notcve.org/view.php?id=CVE-2017-14724

19 Sep 2017 — Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. Antes de la versión 4.8.2, WordPress era vulnerable a Cross-Site Scripting (XSS) en oEmbed Discovery. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 4%CPEs: 1EXPL: 0

CVE-2017-14725 – WordPress Core < 4.8.2 - Open Redirect in Admin Dashboard

https://notcve.org/view.php?id=CVE-2017-14725

19 Sep 2017 — Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de redirección abierta en wp-admin/edit-tag-form.php y wp-admin/user-edit.php. • http://www.securityfocus.com/bid/100912 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0

CVE-2017-14718 – WordPress Core < 4.8.2 - Cross-Site Scripting via Javascript: and Data: URLs

https://notcve.org/view.php?id=CVE-2017-14718

19 Sep 2017 — Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de Cross-Site Scripting (XSS) en el modal de enlace mediante una URL javascript: o data:. • http://www.securityfocus.com/bid/100912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 50%CPEs: 202EXPL: 1

CVE-2017-14719 – WordPress Core < 4.8.2 - Directory Traversal during unzip

https://notcve.org/view.php?id=CVE-2017-14719

19 Sep 2017 — Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Antes de la versión 4.8.2, WordPress era susceptible a un ataque de salto de directorio durante operaciones de descompresión en los componentes ZipArchive y PclZip. • https://github.com/PalmTreeForest/CodePath_Week_7-8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0

CVE-2017-9065 – WordPress Core < 4.7.5 - Authorization Bypass Allowing Post Meta Updates

https://notcve.org/view.php?id=CVE-2017-9065

16 May 2017 — In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. En WordPress anteriores a 4.7.5, hay una falta de verificaciones de capacidad para el envío de metadatos en la API XML-RPC. Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. • http://www.debian.org/security/2017/dsa-3870 • CWE-20: Improper Input Validation CWE-285: Improper Authorization •

CVSS: 8.6EPSS: 1%CPEs: 3EXPL: 0

CVE-2017-9062 – WordPress Core < 4.7.5 - Mishandling Post Meta Values via XML-RPC

https://notcve.org/view.php?id=CVE-2017-9062

16 May 2017 — In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. En WordPress anteriores a 4.7.5, existe una manipulación incorrecta de los valores meta-datos al hacer el post en la API XML-RPC. Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. • http://www.debian.org/security/2017/dsa-3870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-285: Improper Authorization CWE-352: Cross-Site Request Forgery (CSRF) CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.6EPSS: 1%CPEs: 3EXPL: 0

CVE-2017-9066 – WordPress Core < 4.7.5 - Server-Side Request Forgery

https://notcve.org/view.php?id=CVE-2017-9066

16 May 2017 — In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. En WordPress anterior a versión 4.7.5, no hay suficiente validación de redireccionamiento en la clase de HTTP, lo que conlleva a una vulnerabilidad de tipo SSRF. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some acce... • http://www.securityfocus.com/bid/98509 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.4EPSS: 1%CPEs: 3EXPL: 0

CVE-2017-9061 – WordPress Core < 4.7.5 - Stored Cross-Site Scripting via filenames

https://notcve.org/view.php?id=CVE-2017-9061

16 May 2017 — In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. En WordPress anteriores a 4.7.5, existe una vulnerabilidad XSS (cross-site scripting) al intentar cargar archivos muy grandes, porque el mensaje de error no restringe adecuadamente la presentación del nombre de archivo. Several vulnerabilities were discovered in wordpress, a web blogging tool. They would al... • http://www.debian.org/security/2017/dsa-3870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...7 8 9 10 11