Summary
Detail | | | |
---|---|---|---|
Vendor | Wordpress | First view | 2013-07-08 |
Product | Wordpress | Last view | 2013-07-08 |
Version | 2.3 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:wordpress:wordpress | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
4.3 | 2013-07-08 | CVE-2013-0237 | Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
4.3 | 2013-07-08 | CVE-2013-0236 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post. |
6.4 | 2013-07-08 | CVE-2013-0235 | The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Snort® IPS/IDS
Date | Description |
---|---|
2017-01-04 | WordPress XMLRPC pingback ddos attempt RuleID : 40883 - Type : SERVER-WEBAPP - Revision : 3 |
2014-01-10 | WordPress XMLRPC potential port-scan attempt RuleID : 28849 - Type : SERVER-WEBAPP - Revision : 4 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2718.nasl - Type: ACT_GATHER_INFO |
2013-07-03 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2013-189.nasl - Type: ACT_GATHER_INFO |
2013-02-11 | Name: The remote Fedora host is missing a security update. File: fedora_2013-1692.nasl - Type: ACT_GATHER_INFO |
2013-02-11 | Name: The remote Fedora host is missing a security update. File: fedora_2013-1774.nasl - Type: ACT_GATHER_INFO |
2013-02-04 | Name: The remote web server contains a PHP application that is affected by multiple... File: wordpress_3_5_1.nasl - Type: ACT_GATHER_INFO |
2013-02-04 | Name: The remote web server contains a PHP application that is affected by a server... File: wordpress_xmlrpc_pingback_request_forgery.nasl - Type: ACT_ATTACK |
2013-01-30 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_559e00b76a4d11e2b6b010bf48230856.nasl - Type: ACT_GATHER_INFO |