Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.4 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-17236
includes/class-coming-soon-creator.php in the igniteup plugin up to and including 3.4 for WordPress is vulnerable to stored XSS.
Getigniteup Igniteup
NA
CVE-2023-4950
The Interactive Contact Form and Multi Step Form Builder WordPress plugin prior to 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks
Funnelforms Funnelforms
6.5
CVSSv2
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin prior to 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
Najeebmedia N-media File Uploader 3.0
Najeebmedia N-media File Uploader 3.1
Najeebmedia N-media File Uploader
Najeebmedia N-media File Uploader 3.2
NA
CVE-2023-7085
The Scalable Vector Graphics (SVG) WordPress plugin up to and including 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
NA
CVE-2022-4790
The WP Google My Business Auto Publish WordPress plugin prior to 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Auto Publish For Google My Business Project Auto Publish For Google My Business
NA
CVE-2023-5415
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permis...
Funnelforms Funnelforms
NA
CVE-2023-5416
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level per...
Funnelforms Funnelforms
NA
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissi...
Funnelforms Funnelforms
NA
CVE-2023-5387
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-lev...
Funnelforms Funnelforms
NA
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level per...
Funnelforms Funnelforms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »