CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2011-4646 – WP-PostRatings <= 1.61 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4646
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en wp-postratings.php del complemento WP-PostRatings 1.50, 1.61 y problablemente otras versiones anteriores a la 1.62 de WordPress. Permite a usuarios remotos autenticados con el perfil de autor ejecutar comandos SQL de su elección a través del atributo id del código de evaluación ("ratings shortcode") al crear un post. NOTA: algunos de estos detalles han sido obtenidos de información procedente de terceras partes. • http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php http://secunia.com/advisories/46328 http://wordpress.org/extend/plugins/wp-postratings/changelog http://www.securityfocus.com/bid/49986 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2011-3862 – Morning Coffee < 3.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3862
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Morning Coffee anterior a v3.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través dePATH_INFO sobre index.php. The Morning Coffee theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the PATH_INFO to index.php in versions up to 3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://www.exploit-db.com/exploits/36186 http://secunia.com/advisories/46295 https://sitewat.ch/en/Advisories/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 2CVE-2011-3860 – Cover WP <= 1.6.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3860
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Cover WP anteriores a v1.6.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36183 http://www.securityfocus.com/bid/50334 https://sitewat.ch/en/Advisories/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 2CVE-2011-3858 – Pixiv Custom < 2.1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Pixiv Custom anterior a v2.1.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. • https://www.exploit-db.com/exploits/36185 https://sitewat.ch/en/Advisories/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 2CVE-2011-3850 – Atahualpa < 3.6.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3850
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Atahualpa anteriores a v3.6.8 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36178 http://secunia.com/advisories/46297 https://sitewat.ch/en/Advisories/8 https://wpvulndb.com/vulnerabilities/9788 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •