CVE-2011-5264 – Lazyest Backup < 0.2.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5264
Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter. The Lazyest Backup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'xml_or_all' parameter found in the lazyest-backup.php file in versions up to 0.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• http://plugins.trac.wordpress.org/changeset?reponame=&new=470737%40lazyest-backup&old=468541%40lazyest-backup http://secunia.com/advisories/47092 http://wordpress.org/extend/plugins/lazyest-backup/changelog http://www.osvdb.org/77493 http://www.securityfocus.com/bid/50900 https://exchange.xforce.ibmcloud.com/vulnerabilities/71650
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4673 – WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection
https://notcve.org/view.php?id=CVE-2011-4673
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/18126 http://www.exploit-db.com/exploits/18126 http://www.securityfocus.com/bid/50730 https://exchange.xforce.ibmcloud.com/vulnerabilities/71404
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5180 – ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5180
Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.
• https://www.exploit-db.com/exploits/36382 http://www.osvdb.org/77648 http://www.securityfocus.com/archive/1/520690/100/0/threaded http://www.securityfocus.com/bid/50860 https://exchange.xforce.ibmcloud.com/vulnerabilities/71572
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4562 – Redirection <= 2.2.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4562
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
• http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html http://osvdb.org/76092 http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection http://secunia.com/advisories/46310 http://wordpress.org/extend/plugins/redirection/changelog http://www.securityfocus.com/bid/49985 https://exchange.xforce.ibmcloud.com/vulnerabilities/70373
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5179 – Skysa App Bar Integration < 1.04 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5179
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
• https://www.exploit-db.com/exploits/36363 http://www.securityfocus.com/archive/1/520662/100/0/threaded http://www.securityfocus.com/bid/50824 https://exchange.xforce.ibmcloud.com/vulnerabilities/71486
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')