Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.9 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-24829
The Visitor Traffic Real Time Statistics WordPress plugin prior to 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue
Wp-buy Visitor Traffic Real Time Statistics
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
6.1
CVSSv3
CVE-2022-0780
The SearchIQ WordPress plugin prior to 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in t...
Searchiq Searchiq
6.1
CVSSv3
CVE-2018-6002
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter).
Webartisan Soundy Background Music
4.3
CVSSv3
CVE-2022-32587
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
Codeandmore Wp Page Widget
NA
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
NA
CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, and 3.9.x prior to 3.9.3 allows remote malicious users to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstr...
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
1 Github repository
NA
CVE-2014-9032
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress prior to 3.9.x prior to 3.9.3 and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
NA
CVE-2014-9035
Cross-site scripting (XSS) vulnerability in Press This in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2014-9036
Cross-site scripting (XSS) vulnerability in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »