Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.9.1 vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2014-1854
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 up to and including 3.9.5 and AdRotate Free plugin 3.9 up to and including 3.9.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter.
Adrotateplugin Adrotate 3.9.3
Adrotateplugin Adrotate 3.9.2
Adrotateplugin Adrotate 3.9.
Adrotateplugin Adrotate 3.9.1
Adrotateplugin Adrotate 3.9.5
Adrotateplugin Adrotate 3.9.4
1 EDB exploit
668
VMScore
CVE-2015-9310
The all-in-one-wp-security-and-firewall plugin prior to 3.9.1 for WordPress has multiple SQL injection issues.
Tipsandtricks-hq All In One Wp Security \\& Firewall
668
VMScore
CVE-2014-5203
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x prior to 3.9.2 might allow remote malicious users to execute arbitrary code via crafted serialized data.
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.9.1
605
VMScore
CVE-2014-9037
WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
570
VMScore
CVE-2014-9038
wp-includes/http.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
510
VMScore
CVE-2014-9034
wp-includes/class-phpass.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue...
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
2 EDB exploits
1 Github repository
446
VMScore
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
383
VMScore
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
383
VMScore
CVE-2014-9032
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress prior to 3.9.x prior to 3.9.3 and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
383
VMScore
CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, and 3.9.x prior to 3.9.3 allows remote malicious users to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstr...
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »