Vulnerabilities > Wordpress > Wordpress > 3.3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-08 | CVE-2013-0236 | Cross-Site Scripting vulnerability in Wordpress Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post. | 4.3 |
2013-07-08 | CVE-2013-0235 | Unspecified vulnerability in Wordpress The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. | 6.4 |
2012-09-14 | CVE-2012-4422 | Permissions, Privileges, and Access Controls vulnerability in Wordpress wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role. | 3.5 |
2012-09-14 | CVE-2012-4421 | Permissions, Privileges, and Access Controls vulnerability in Wordpress The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. | 4.0 |
2012-07-22 | CVE-2012-3385 | Permissions, Privileges, and Access Controls vulnerability in Wordpress WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | 5.0 |
2012-07-22 | CVE-2012-3384 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |