Dave Cummo

Pesquisador deNorthrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention
#21040de 53,635
11.8CVSS total
Vulnerabilidades · 2
Média
1
Alta
1
PT-2013-4961
7.5
2013-09-12
WordPress · Wordpress · CVE-2013-4339
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue allows remote attackers to bypass intended redirection restrictions by using a crafted string, due to improper validation of URLs before use in an HTTP redirect. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.
PT-2013-5760
4.3
2013-09-12
WordPress · Wordpress · CVE-2013-5738
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue allows remote authenticated users to potentially conduct cross-site scripting (XSS) attacks via a crafted file. This is due to the `get allowed mime types` function not requiring the `unfiltered html` capability for uploads of `.htm` and `.html` files. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.