Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.4.2 vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2012-3383
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x prior to 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct ...
Wordpress Wordpress 3.4.0
7.5
CVSSv2
CVE-2013-1852
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
Kolja Schleich Leaguemanager
Kolja Schleich Leaguemanager 3.7
Kolja Schleich Leaguemanager 3.6.9
Kolja Schleich Leaguemanager 3.5.2
Kolja Schleich Leaguemanager 3.5.1
Kolja Schleich Leaguemanager 3.5
Kolja Schleich Leaguemanager 3.4.2
Kolja Schleich Leaguemanager 3.1.7
Kolja Schleich Leaguemanager 3.1.6
Kolja Schleich Leaguemanager 3.1.5
Kolja Schleich Leaguemanager 3.1.4
Kolja Schleich Leaguemanager 2.9
Kolja Schleich Leaguemanager 2.8
Kolja Schleich Leaguemanager 2.7.1
Kolja Schleich Leaguemanager 2.1
Kolja Schleich Leaguemanager 2.0
Kolja Schleich Leaguemanager 1.5
Kolja Schleich Leaguemanager 1.4.2
Kolja Schleich Leaguemanager 3.6.7
Kolja Schleich Leaguemanager 3.6.5
Kolja Schleich Leaguemanager 3.6
Kolja Schleich Leaguemanager 3.5.5
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2016-10961
The colorway theme prior to 3.4.2 for WordPress has XSS via the contactName parameter.
Inkthemes Colorway
NA
CVE-2023-1478
The Hummingbird WordPress plugin prior to 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
Incsub Hummingbird
5.5
CVSSv2
CVE-2021-24739
The Logo Carousel WordPress plugin prior to 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
Shapedplugin Logo Carousel
3.5
CVSSv2
CVE-2021-24738
The Logo Carousel WordPress plugin prior to 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
Shapedplugin Logo Carousel
4
CVSSv2
CVE-2021-24199
The wpDataTables – Tables & Table Charts premium WordPress plugin prior to 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on ...
4
CVSSv2
CVE-2021-24200
The wpDataTables – Tables & Table Charts premium WordPress plugin prior to 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on ...
NA
CVE-2022-3926
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 3.4.2 does not have CSRF check when regenerating secrets, which could allow malicious users to make logged in admins regenerate the secret of an arbitrary client given they know the client ID
Wp-oauth Wp Oauth Server
5
CVSSv2
CVE-2021-24651
The Poll Maker WordPress plugin prior to 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.
Ays-pro Poll Maker
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »