CVE-2011-4671 – AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
References:
https://www.exploit-db.com/exploits/17888
https://www.exploit-db.com/exploits/18114
http://downloads.wordpress.org/plugin/adrotate.3.6.8.zip
http://secunia.com/advisories/46814
http://unconciousmind.blogspot.com/2011/11/wordpress-adrotate-plugin-366-sql.html
http://www.exploit-db.com/exploits/18114
http://www.securityfocus.com/bid/50674
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4803 – WPtouch <= 1.9.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
References:
https://www.exploit-db.com/exploits/18039
http://www.exploit-db.com/exploits/18039
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4669 – WordPress Users <= 1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4669
SQL injection vulnerability in wp-users.php in the WordPress Users plugin 1.3, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
References:
http://plugins.trac.wordpress.org/changeset/448261/wordpress-users
http://secunia.com/advisories/46442
http://wordpress.org/extend/plugins/wordpress-users
http://www.securityfocus.com/bid/50174
https://exchange.xforce.ibmcloud.com/vulnerabilities/70683
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5257 – Classipress <= 3.1.4 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5257
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
References:
https://www.exploit-db.com/exploits/18053
http://docs.appthemes.com/classipress/classipress-version-3-1-5
http://secunia.com/advisories/46658
http://www.exploit-db.com/exploits/18053
http://www.osvdb.org/76712
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4646 – WP-PostRatings <= 1.61 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-4646
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
References:
http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php
http://secunia.com/advisories/46328
http://wordpress.org/extend/plugins/wp-postratings/changelog
http://www.securityfocus.com/bid/49986
Weaknesses: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')