Skip to main content
CVE-2014-9034 MEDIUM POC PATCH THREAT This Month

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Denial Of Service WordPress PHP
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
72.5%
Threat
4.7
CVE-2014-8558 MEDIUM POC This Month

JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Channel Platform
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-9037 MEDIUM PATCH This Month

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure Mageia Debian Linux
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2014-9033 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress PHP
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-7839 MEDIUM PATCH This Month

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XXE Resteasy
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-9038 MEDIUM PATCH This Month

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP SSRF
NVD
CVSS 2.0
6.4
EPSS
1.2%
CVE-2014-8004 MEDIUM This Month

Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9039 MEDIUM PATCH This Month

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure Debian Linux Mageia
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2014-9031 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9036 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9035 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9032 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy