Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 3.8.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1585
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
7.5
CVSSv3
CVE-2023-5949
The SmartCrawl WordPress plugin prior to 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.
Wpmudev Smartcrawl
5.4
CVSSv3
CVE-2022-4115
The Editorial Calendar WordPress plugin prior to 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privi...
Editorial Calendar Project Editorial Calendar
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
NA
CVE-2014-9037
WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.8
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.8.4
Wordpress Wordpress
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
NA
CVE-2014-9038
wp-includes/http.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
NA
CVE-2014-9039
wp-login.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 might allow remote malicious users to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Mageia Project Mageia 4
Mageia Project Mageia 3
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.8.4
NA
CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, and 3.9.x prior to 3.9.3 allows remote malicious users to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstr...
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
1 Github repository
NA
CVE-2014-9035
Cross-site scripting (XSS) vulnerability in Press This in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wordpress Wordpress
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2014-9036
Cross-site scripting (XSS) vulnerability in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
Wordpress Wordpress
Wordpress Wordpress 3.8
Wordpress Wordpress 3.8.1
Wordpress Wordpress 3.8.2
Wordpress Wordpress 3.9.1
Wordpress Wordpress 4.0
Wordpress Wordpress 3.8.3
Wordpress Wordpress 3.9
Wordpress Wordpress 3.8.4
Wordpress Wordpress 3.9.2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »