Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 4.3.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28662
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
Codemenschen Gift Vouchers
9.8
CVSSv3
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Icegram Email Subscribers \\& Newsletters
1 Github repository
8.8
CVSSv3
CVE-2016-10876
The wp-database-backup plugin prior to 4.3.1 for WordPress has CSRF.
Wpseeds Wp Database Backup
7.5
CVSSv3
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7.2
Wordpress Wordpress 4.6.6
Wordpress Wordpress 4.6.5
Wordpress Wordpress 4.6.4
Wordpress Wordpress 4.5.7
Wordpress Wordpress 4.5.6
Wordpress Wordpress 4.5
Wordpress Wordpress 4.4.9
Wordpress Wordpress 4.4.11
Wordpress Wordpress 4.4.10
Wordpress Wordpress 4.3.5
Wordpress Wordpress 4.3.4
Wordpress Wordpress 4.3
Wordpress Wordpress 4.2.9
Wordpress Wordpress 4.2.16
Wordpress Wordpress 4.2.15
Wordpress Wordpress 4.2
Wordpress Wordpress 4.1.9
Wordpress Wordpress 4.1.2
Wordpress Wordpress 4.1.19
Wordpress Wordpress 4.1.11
2 Github repositories
6.1
CVSSv3
CVE-2022-1617
The WP-Invoice WordPress plugin up to and including 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing malicious user to make a logged in admin change them and add XSS payload in them
Usabilitydynamics Wp-invoice
6.1
CVSSv3
CVE-2016-10875
The wp-database-backup plugin prior to 4.3.1 for WordPress has XSS.
Wpseeds Wp Database Backup
6.1
CVSSv3
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
9 Github repositories
5.4
CVSSv3
CVE-2022-45816
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.
Dev4press Gd Bbpress Attachments
5.4
CVSSv3
CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
Wordpress Wordpress
2 Github repositories
4.3
CVSSv3
CVE-2022-0313
The Float menu WordPress plugin prior to 4.3.1 does not have CSRF check in place when deleting menu, which could allow malicious users to make a logged in admin delete them via a CSRF attack
Wow-estore Float Menu
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »