Skip to main content
CVE-2013-4340 LOW POC PATCH Monitor

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

WordPress Privilege Escalation PHP
NVD
CVSS 2.0
3.5
EPSS
1.0%
CVE-2013-5739 LOW POC PATCH Monitor

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

WordPress PHP XSS
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5724 LOW Monitor

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Phpbb3
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy