CVSS: 7.2EPSS: 0%CPEs: 78EXPL: 2CVE-2012-4263 – iThemes Security < 3.2.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4263
11 May 2012 — Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en inc/admin/content.php en el plugin 'Better WP Security' (better_wp_security) para WordPress antes de v3.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la cabe... • http://bit51.com/software/better-wp-security/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 78EXPL: 1CVE-2012-4264 – Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4264
11 May 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el plugin 'Better WP Security' (better_wp_security) para WordPress antes de v3.2.5 permite a atacantes remotos inyectar secuencias de co... • http://bit51.com/software/better-wp-security/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •