
CVE-2013-0237 – WordPress Core < 3.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-0237
24 Jan 2013 — Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. • http://codex.wordpress.org/Version_3.5.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2401 – WordPress Core <= 3.3.1 - Same Origin Policy Bypass
https://notcve.org/view.php?id=CVE-2012-2401
20 Apr 2012 — Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. • http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-264: Permissions, Privileges, and Access Controls

CVE-2005-4599
https://notcve.org/view.php?id=CVE-2005-4599
31 Dec 2005 — Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter. • http://secunia.com/advisories/18262

CVE-2005-4600 – iziContents rc6 - Local/Remote File Inclusion
https://notcve.org/view.php?id=CVE-2005-4600
31 Dec 2005 — Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. • https://www.exploit-db.com/exploits/4441 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')