CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 1CVE-2011-5192 – Pretty Link Lite < 1.5.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5192
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en pretty-Bar.php en el plugin para WordPress Pretty Link Lite antes de v1.5.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro slug. Se trata de una vulnerabilidad diferente a CVE-2011-5191a • http://plugins.trac.wordpress.org/changeset/485819/pretty-link http://secunia.com/advisories/47456 http://wordpress.org/extend/plugins/pretty-link/changelog http://www.securityfocus.com/bid/51306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2012-0287 – WordPress Core <= 3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0287
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wp-comments-post.php en WordPress v3.3.x antes de v3.3.1, cuando se utiliza Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la query string en una operación POST que no correctamente manejada por la característica "comentario duplicado detectado". • http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html http://www.securityfocus.com/bid/51237 http://www.securitytracker.com/id?1026542 https://wordpress.org/news/2012/01/wordpress-3-3-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2012-5346 – WP Live.php <= 1.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5346
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wp-live.php en el módulo WP Live.php v1.2.1 de WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 's'. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • https://www.exploit-db.com/exploits/36483 http://packetstormsecurity.org/files/108282/wplivephp-xss.txt http://www.securityfocus.com/bid/51220 https://exchange.xforce.ibmcloud.com/vulnerabilities/72080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 3CVE-2011-5207 – TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/OptionsPostsList.php en el plugin para WordPress TheCartPress antes de v1.1.6 anterior al 31/12/2011, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro tcp_name_post_XXXXX. • https://www.exploit-db.com/exploits/36481 http://packetstormsecurity.org/files/view/108272/wpcartpress-xss.txt http://plugins.trac.wordpress.org/changeset/482746/thecartpress http://secunia.com/advisories/47427 http://www.securityfocus.com/bid/51216 https://exchange.xforce.ibmcloud.com/vulnerabilities/72070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2011-5254 – Connections Business Directory < 0.7.1.6 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2011-5254
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. Vulnerabilidad sin especificar en el plugin Connections anterior a v0.7.1.6 para WordPress tiene un impacto y vectores de ataque desconocidos. The Connections plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 0.7.1.5 due to insufficient authorization checks. • http://secunia.com/advisories/47390 http://wordpress.org/extend/plugins/connections/changelog http://www.osvdb.org/78063 http://www.securityfocus.com/bid/51204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •