Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.9.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5205
wp-includes/pluggable.php in WordPress prior to 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Wordpress Wordpress 3.9.0
Wordpress Wordpress
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
NA
CVE-2014-2053
getID3() prior to 1.9.8, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Getid3 Getid3 1.9.1
Getid3 Getid3 1.9.0
Owncloud Owncloud 5.0.14
Owncloud Owncloud
Owncloud Owncloud 5.0.2
Owncloud Owncloud 5.0.9
Getid3 Getid3 1.9.3
Getid3 Getid3 1.9.2
Owncloud Owncloud 5.0.12
Owncloud Owncloud 5.0.13
Owncloud Owncloud 5.0.7
Owncloud Owncloud 5.0.8
Getid3 Getid3
Getid3 Getid3 1.9.6
Owncloud Owncloud 5.0.0
Owncloud Owncloud 5.0.1
Owncloud Owncloud 5.0.3
Owncloud Owncloud 5.0.4
Getid3 Getid3 1.9.5
Getid3 Getid3 1.9.4
Owncloud Owncloud 5.0.10
Owncloud Owncloud 5.0.11
NA
CVE-2014-1854
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 up to and including 3.9.5 and AdRotate Free plugin 3.9 up to and including 3.9.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter.
Adrotateplugin Adrotate 3.9.3
Adrotateplugin Adrotate 3.9.2
Adrotateplugin Adrotate 3.9.
Adrotateplugin Adrotate 3.9.1
Adrotateplugin Adrotate 3.9.5
Adrotateplugin Adrotate 3.9.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3