Page 91 of 701 results (0.012 seconds)

CVSS: 8.8EPSS: 9%CPEs: 16EXPL: 0

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot. Múltiples vulnerabilidades de subida de ficheros sin restricción en el complemento WP Symposium antes de v11.12.24 para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un fichero con una extensión ejecutable usando (1) uploadify/upload_admin_avatar.php o (2) uploadify/upload_profile_avatar.php, y accediendo posteriormente a él a través de una petición directa al fichero en un directorio no especificado dentro del webroot. • http://osvdb.org/78041 http://osvdb.org/78042 http://secunia.com/advisories/46097 http://secunia.com/secunia_research/2011-91 https://exchange.xforce.ibmcloud.com/vulnerabilities/72012 https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en wordpress_sentinel.php en el plugin Sentinel v1.0.0 para WordPress, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que provocan instantáneas. Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. The WordPress Sentinel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions like modifying the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • http://osvdb.org/77778 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315%40wordpress-sentinel&old=474998%40wordpress-sentinel http://secunia.com/advisories/47020 http://wordpress.org/extend/plugins/wordpress-sentinel/changelog http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html http://www.securityfocus.com/bid/51089 https://exchange.xforce.ibmcloud.com/vulnerabilities/71857 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en wordpress_sentinel.php en el plugin Sentinel v1.0.0 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://osvdb.org/77777 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315%40wordpress-sentinel&old=474998%40wordpress-sentinel http://secunia.com/advisories/47020 http://wordpress.org/extend/plugins/wordpress-sentinel/changelog http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html http://www.securityfocus.com/bid/51089 https://exchange.xforce.ibmcloud.com/vulnerabilities/71854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Sentinel plugin v1.0.0 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos. • http://osvdb.org/77779 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315%40wordpress-sentinel&old=474998%40wordpress-sentinel http://wordpress.org/extend/plugins/wordpress-sentinel/changelog http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html http://www.securityfocus.com/bid/51089 https://exchange.xforce.ibmcloud.com/vulnerabilities/71858 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192. Vulnerabilidad de ejecución de secuencias de comandos (XSS) en pretty-bar.php en Pretty Link Lite plugin antes de v1.5.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro slug, una vulnerabilidad diferente de CVE-2011-5192. • http://plugins.trac.wordpress.org/changeset/473693/pretty-link http://wordpress.org/extend/plugins/pretty-link/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •