Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.9.0 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-5205
wp-includes/pluggable.php in WordPress prior to 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Wordpress Wordpress 3.9.0
Wordpress Wordpress
7.5
CVSSv2
CVE-2014-5203
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x prior to 3.9.2 might allow remote malicious users to execute arbitrary code via crafted serialized data.
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.9.1
6.8
CVSSv2
CVE-2014-5204
wp-includes/pluggable.php in WordPress prior to 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress
4.3
CVSSv2
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
2.1
CVSSv2
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.7
Wordpress Wordpress 3.8
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.9.0
5
CVSSv2
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
5
CVSSv2
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
6.8
CVSSv2
CVE-2015-0895
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin prior to 3.9.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
Tips And Tricks Hq All In One Wordpress Security And Firewall
NA
CVE-2023-0814
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta value...
Cozmoslabs Profile Builder
NA
CVE-2023-2733
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for una...
Inspireui Mstore Api
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »