Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

wordpress wordpress 3.4.0 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2015-9327
The flickr-justified-gallery plugin prior to 3.4.0 for WordPress has XSS.
Flickr Justified Gallery Project Flickr Justified Gallery
NA
CVE-2024-2309
The WP STAGING WordPress Backup Plugin WordPress plugin prior to 3.4.0, wp-staging-pro WordPress plugin prior to 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when ...
5
CVSSv2
CVE-2021-24677
The Find My Blocks WordPress plugin prior to 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.
Find My Blocks Project Find My Blocks
NA
CVE-2022-3420
The Official Integration for Billingo WordPress plugin prior to 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks.
Official Integration For Billingo Project Official Integration For Billingo
NA
CVE-2022-3906
The Easy Form Builder WordPress plugin prior to 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mult...
Whitestudio Easy Form Builder
NA
CVE-2022-4777
The Bootstrap Shortcodes WordPress plugin up to and including 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
Bootstrap Shortcodes Project Bootstrap Shortcodes
NA
CVE-2024-1385
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with ...
4.3
CVSSv2
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and prior to 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted c...
Jquery JqueryDebian Debian Linux 9.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Drupal DrupalOracle Weblogic Server 12.1.3.0.0Oracle Hyperion Financial Reporting 11.1.2.4Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Sites 12.2.1.3.0Oracle Application Testing Suite 13.3.0.1Oracle Communications Operations Monitor 3.4Oracle Weblogic Server 12.2.1.4.0Oracle Webcenter Sites 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0Oracle Communications Interactive Session RecorderOracle Communications Element Manager 8.2.0Oracle Communications Element Manager 8.2.1Oracle Communications Element Manager 8.1.1Oracle Application ExpressOracle Rest Data Services 12.2.0.1Oracle Rest Data Services 12.1.0.2
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery JqueryDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Drupal DrupalBackdropcms BackdropFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30Opensuse Leap 15.1Opensuse Backports Sle 15.0Netapp Snapcenter -Netapp Oncommand System ManagerRedhat Cloudforms 4.7Redhat Virtualization Manager 4.3Oracle Service Bus 12.1.3.0.0Oracle Primavera Unifier 16.2Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Weblogic Server 12.1.3.0.0Oracle Service Bus 11.1.1.9.0Oracle Jdeveloper 11.1.1.9.0Oracle Primavera Unifier 16.1
4.3
CVSSv2
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery JqueryDrupal DrupalDebian Debian Linux 9.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Oracle Weblogic Server 12.1.3.0.0Oracle Jdeveloper 11.1.1.9.0Oracle Retail Back Office 14.1Oracle Retail Back Office 14.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Weblogic Server 10.3.6.0.0Oracle Communications Webrtc Session Controller 7.2Oracle Weblogic Server 12.2.1.3.0Oracle Agile Product Lifecycle Management For Process 6.2.0.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Application Testing Suite 13.3.0.1Oracle Retail Returns Management 14.0Oracle Retail Returns Management 14.1Oracle Jdeveloper 12.2.1.3.0Oracle Policy Automation Connector For Siebel 10.4.6Oracle Financial Services Market Risk Measurement And Management 8.0.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook