Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.8.2 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-24772
The Stream WordPress plugin prior to 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.
Xwp Stream
7.5
CVSSv3
CVE-2020-20625
Sliced Invoices plugin for WordPress 3.8.2 and previous versions allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
Slicedinvoices Sliced Invoices 3.8.2
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 4.0.1
Wordpress Wordpress 3.6.1
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.9.3
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.7.1
Wordpress Wordpress 4.5.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.7.1
Wordpress Wordpress 3.0.4
2 Github repositories
6.4
CVSSv3
CVE-2024-4710
The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenu_mobile_close_button, ubermenu_toggle, ubermenu-search shortcodes in all versions up to, and including, 3.8.2 due to insufficient input sanitization and outp...
5.4
CVSSv3
CVE-2023-4283
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
Wpdeveloper Embedpress
4.3
CVSSv3
CVE-2023-4282
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated at...
Wpdeveloper Embedpress
NA
CVE-2015-0166
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
NA
CVE-2014-9035
Cross-site scripting (XSS) vulnerability in Press This in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2014-9036
Cross-site scripting (XSS) vulnerability in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2014-9039
wp-login.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »