Vulmon
wordpress wordpress 3.3 vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-4305
The Login as User or Customer WordPress plugin prior to 3.3 lacks authorization checks to ensure that users are allowed to log in as another user, which could allow unauthenticated malicious users to obtain a valid admin session.
Wp-buy Login As User Or Customer (user Switching)
9.8
CVSSv3
CVE-2019-14348
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
Beardev Joomsport 3.3
1 EDB exploit
8.8
CVSSv3
CVE-2023-0262
The WP Airbnb Review Slider WordPress plugin prior to 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
Ljapps Wp Airbnb Review Slider
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 4.0.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.7.1
Wordpress Wordpress 4.5.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.7.1
Wordpress Wordpress 3.0.4
2 Github repositories
7.5
CVSSv3
CVE-2015-5682
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote malicious users to create arbitrary directories via vectors related to the targetDir variable.
Powerplay Gallery Project Powerplay Gallery 3.3
5.4
CVSSv3
CVE-2023-5614
The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Plugin-planet Theme Switcha
5.4
CVSSv3
CVE-2022-4792
The News & Blog Designer Pack WordPress plugin prior to 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Infornweb News & Blog Designer Pack
4.3
CVSSv3
CVE-2023-2495
The Greeklish-permalink WordPress plugin up to and including 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either ...
Greeklish-permalink Project Greeklish-permalink
NA
CVE-2024-1850
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticate...
NA
CVE-2015-5681
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/bi...
Wpslideshow Powerplay Gallery 3.3