Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.9 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-24829
The Visitor Traffic Real Time Statistics WordPress plugin prior to 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue
Wp-buy Visitor Traffic Real Time Statistics
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
6.1
CVSSv3
CVE-2022-0780
The SearchIQ WordPress plugin prior to 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in t...
Searchiq Searchiq
6.1
CVSSv3
CVE-2018-6002
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter).
Webartisan Soundy Background Music
4.3
CVSSv3
CVE-2022-32587
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
Codeandmore Wp Page Widget
NA
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
NA
CVE-2014-9032
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress prior to 3.9.x prior to 3.9.3 and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
NA
CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, and 3.9.x prior to 3.9.3 allows remote malicious users to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstr...
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
1 Github repository
NA
CVE-2014-9034
wp-includes/class-phpass.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue...
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
2 EDB exploits
1 Github repository
NA
CVE-2014-9039
wp-login.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »