Vulmon
wordpress wordpress 3.9.2 vulnerabilities and exploits
755
VMScore
CVE-2014-1854
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 up to and including 3.9.5 and AdRotate Free plugin 3.9 up to and including 3.9.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter.
Adrotateplugin Adrotate 3.9.3
Adrotateplugin Adrotate 3.9.2
Adrotateplugin Adrotate 3.9.
Adrotateplugin Adrotate 3.9.1
Adrotateplugin Adrotate 3.9.5
Adrotateplugin Adrotate 3.9.4
1 EDB exploit
668
VMScore
CVE-2014-5203
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x prior to 3.9.2 might allow remote malicious users to execute arbitrary code via crafted serialized data.
Wordpress Wordpress 3.9.0
Wordpress Wordpress 3.9.1
668
VMScore
CVE-2014-2053
getID3() prior to 1.9.8, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Getid3 Getid3 1.9.1
Getid3 Getid3 1.9.0
Owncloud Owncloud 5.0.14
Owncloud Owncloud
Owncloud Owncloud 5.0.2
Owncloud Owncloud 5.0.9
Getid3 Getid3 1.9.3
Getid3 Getid3 1.9.2
Owncloud Owncloud 5.0.12
Owncloud Owncloud 5.0.13
Owncloud Owncloud 5.0.7
Owncloud Owncloud 5.0.8
Getid3 Getid3
Getid3 Getid3 1.9.6
Owncloud Owncloud 5.0.0
Owncloud Owncloud 5.0.1
Owncloud Owncloud 5.0.3
Owncloud Owncloud 5.0.4
Getid3 Getid3 1.9.5
Getid3 Getid3 1.9.4
Owncloud Owncloud 5.0.10
Owncloud Owncloud 5.0.11
605
VMScore
CVE-2014-9033
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote malicious users to hijack the authentication of arbitrary users for requests that reset passwords.
Wordpress Wordpress 3.7.4
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
605
VMScore
CVE-2014-9037
WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
605
VMScore
CVE-2014-5204
wp-includes/pluggable.php in WordPress prior to 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress
605
VMScore
CVE-2014-5205
wp-includes/pluggable.php in WordPress prior to 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Wordpress Wordpress 3.9.0
Wordpress Wordpress
570
VMScore
CVE-2014-9038
wp-includes/http.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
540
VMScore
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
510
VMScore
CVE-2014-9034
wp-includes/class-phpass.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue...
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
2 EDB exploits
1 Github repository