Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.3.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0662
The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level perm...
NA
CVE-2024-3136
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated malicious users to include and execute arbitrary files on the server, allo...
1 Github repository
NA
CVE-2022-3911
The iubenda WordPress plugin prior to 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselv...
Iubenda Iubenda-cookie-law-solution
5
CVSSv2
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin prior to 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content...
Webtoprint Web To Print Shop\\ Udraw
6.8
CVSSv2
CVE-2016-10884
The simple-membership plugin prior to 3.3.3 for WordPress has multiple CSRF issues.
Simple-membership-plugin Simple Membership
5
CVSSv2
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
3.5
CVSSv2
CVE-2015-6535
Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin prior to 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).
Youtube Embed Project Youtube Embed
3 Github repositories
7.5
CVSSv2
CVE-2014-7228
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 up to and including 2.5.25, 3.x up to and including 3.2.5, and 3.3.0 up to and including 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 up to and including 4.0.2; Backup Professional for WordPress 1.0.b1 up to and includ...
Joomla Joomla\\! 2.5.4
Joomla Joomla\\! 2.5.11
Joomla Joomla\\! 2.5.13
Joomla Joomla\\! 2.5.18
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 3.0.2
Joomla Joomla\\! 3.0.4
Joomla Joomla\\! 3.1.6
Joomla Joomla\\! 3.2.1
Joomla Joomla\\! 3.3.0
Joomla Joomla\\! 3.3.2
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.6
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.8
Joomla Joomla\\! 2.5.9
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 2.5.24
Joomla Joomla\\! 2.5.25
Joomla Joomla\\! 3.0.0
Joomla Joomla\\! 3.2.2
Joomla Joomla\\! 3.2.3
1 EDB exploit
3.5
CVSSv2
CVE-2014-2995
Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin prior to 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to...
Twitget Project Twitget
1 EDB exploit
6.8
CVSSv2
CVE-2014-2559
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin prior to 3.3.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/o...
Twitget Project Twitget
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »