VulnerableCode Package Details - pkg:deb/debian/wordpress@3.4.1%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2b99-baqh-3ker	Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.	CVE-2012-3384
VCID-janm-1e9e-abb5	WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.	CVE-2012-3385
VCID-tr8v-5ee5-aqfp	The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.	CVE-2012-3383

Vulnerability

Summary

Aliases

VCID-2b99-baqh-3ker

Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2012-3384

VCID-janm-1e9e-abb5

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

CVE-2012-3385

VCID-tr8v-5ee5-aqfp

The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.

CVE-2012-3383

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:21:05.805829+00:00	Debian Importer	Fixing	VCID-tr8v-5ee5-aqfp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:15:23.101357+00:00	Debian Importer	Fixing	VCID-janm-1e9e-abb5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:39:36.848282+00:00	Debian Importer	Fixing	VCID-2b99-baqh-3ker	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:43:40.341848+00:00	Debian Importer	Fixing	VCID-tr8v-5ee5-aqfp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:39:20.357791+00:00	Debian Importer	Fixing	VCID-janm-1e9e-abb5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:49:17.563050+00:00	Debian Importer	Fixing	VCID-2b99-baqh-3ker	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:57:51.594231+00:00	Debian Importer	Fixing	VCID-janm-1e9e-abb5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:51.546790+00:00	Debian Importer	Fixing	VCID-2b99-baqh-3ker	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:57:51.498445+00:00	Debian Importer	Fixing	VCID-tr8v-5ee5-aqfp	https://security-tracker.debian.org/tracker/data/json	38.1.0