Wordpress » Wordpress : Security Vulnerabilities Published In 2013 (Bypass)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2013-4339 |
20 |
|
Bypass |
2013-09-12 |
2013-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. |
2 |
CVE-2013-2205 |
79 |
|
XSS Bypass |
2013-07-08 |
2016-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. |
3 |
CVE-2013-2200 |
264 |
|
Bypass |
2013-07-08 |
2013-08-13 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors. |
Total number of vulnerabilities :
3
Page :
1
(This Page)