Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
wordpress wordpress 3.4.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-10961
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter....
6.8
CVSSv2
CVE-2012-4448
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action....
4
CVSSv2
CVE-2021-24200
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on...
2.6
CVSSv2
CVE-2012-5868
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack....
4
CVSSv2
CVE-2021-24199
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on...
3.5
CVSSv2
CVE-2012-4422
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin...
4
CVSSv2
CVE-2012-4421
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the...
2.6
CVSSv2
CVE-2012-3383
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct...
5.5
CVSSv2
CVE-2021-24198
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are...
5.5
CVSSv2
CVE-2021-24197
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-27833
firewall
malicious code
CVE-2021-28482
file upload
CVE-2021-1079
CVE-2021-29606
CVE-2021-29596
CVE-2021-32054
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon