Max CVSS 7.5 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-5240 2.1
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a cr
25-11-2015 - 20:22 18-08-2014 - 11:15
CVE-2014-5204 6.8
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a b
25-11-2015 - 20:21 18-08-2014 - 11:15
CVE-2014-5205 6.8
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack
14-11-2014 - 03:06 18-08-2014 - 11:15
CVE-2014-5203 7.5
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
28-08-2014 - 18:06 18-08-2014 - 11:15
Back to Top Mark selected
Back to Top