wordpress wordpress 3.4 vulnerabilities and exploits
5.4
CVSSv3
CVE-2017-18600
The formcraft3 plugin prior to 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.
Ncrafts Formcraft
6.1
CVSSv3
CVE-2023-4950
The Interactive Contact Form and Multi Step Form Builder WordPress plugin prior to 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Funnelforms Funnelforms
NA
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin prior to 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
Najeebmedia N-media File Uploader 3.0
Najeebmedia N-media File Uploader 3.1
Najeebmedia N-media File Uploader
Najeebmedia N-media File Uploader 3.2
NA
CVE-2023-7085
The Scalable Vector Graphics (SVG) WordPress plugin up to and including 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
5.4
CVSSv3
CVE-2022-4790
The WP Google My Business Auto Publish WordPress plugin prior to 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Auto Publish For Google My Business Project Auto Publish For Google My Business
4.3
CVSSv3
CVE-2023-5415
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permis...
Funnelforms Funnelforms
4.3
CVSSv3
CVE-2023-5416
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level per...
Funnelforms Funnelforms
4.3
CVSSv3
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissi...
Funnelforms Funnelforms
4.3
CVSSv3
CVE-2023-5387
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-lev...
Funnelforms Funnelforms
4.3
CVSSv3
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level per...
Funnelforms Funnelforms