Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-5240 | 2.1 |
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a cr
|
25-11-2015 - 20:22 | 18-08-2014 - 11:15 | |
CVE-2014-5204 | 6.8 |
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a b
|
25-11-2015 - 20:21 | 18-08-2014 - 11:15 | |
CVE-2014-5205 | 6.8 |
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack
|
14-11-2014 - 03:06 | 18-08-2014 - 11:15 | |
CVE-2014-5203 | 7.5 |
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
|
28-08-2014 - 18:06 | 18-08-2014 - 11:15 |