Medium 6.1
2026-03-10
WordPress <= 6.9.1 - Authenticated (Author+) XML External Entity Injection via getID3 Library Media Upload
WordPress 2.0.5 Vulnerabilities
Vulnerabilities 193
Medium 5.4
2024-10-16
CVE-2022-4973
Critical 9.8
2022-06-30
CVE-2013-4144
High 8.8
2022-05-17
Medium 6.5
2022-05-14
Medium 6.1
2022-05-14
Medium 5.4
2022-05-14
Medium 5.4
2022-05-14
High 7.5
2022-05-13
Medium 6.5
2022-04-18
CVE-2011-1762
N/A
2022-03-11
WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2021-11-10
WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue
N/A
2021-09-09
WordPress core <= 5.8 - Command injection vulnerability in the Lodash library
N/A
2021-05-13
WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability
Critical 9.8
2021-04-28
CVE-2020-36326
N/A
2021-04-15
WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability
N/A
2020-10-29
WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability
N/A
2019-12-13
WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2019-10-15
WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning)
N/A
2019-09-05
WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2019-03-13
WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Authenticated File Delete vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability
N/A
2018-12-13
WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins
N/A
2018-12-13
WordPress <= 5.0 - User Activation Screen Search Engine Indexing
N/A
2018-12-13
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability
N/A
2018-04-05
WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter
N/A
2018-04-05
WordPress <=4.9.4 - Use Safe Redirect for Login
N/A
2018-04-05
WordPress <=4.9.4 - Escape Version in Generator Tag
N/A
2018-01-17
WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability
N/A
2017-12-01
WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability
N/A
2017-10-31
WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries
N/A
2017-09-19
WordPress <=4.8.1 - SQL injection (SQLi) vulnerability
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (link modal)
N/A
2017-09-19
WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code)
N/A
2017-09-19
WordPress <=4.8.1 - Path traversal vulnerability (customizer)
N/A
2017-09-19
WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens)
N/A
2016-07-12
WordPress <= 4.5.3 - Path traversal
N/A
2015-04-27
WordPress <= 4.2 - Stored XSS
N/A
2014-04-09
WordPress Core < 3.8.2 - SQL Injection
N/A
2014-01-21
CVE-2012-6633
N/A
2014-01-21
CVE-2011-5270
N/A
2014-01-21
CVE-2010-5293
N/A
2014-01-21
CVE-2010-5294
N/A
2014-01-21
CVE-2010-5295
N/A
2014-01-21
CVE-2010-5296
N/A
2014-01-21
CVE-2010-5297
N/A
2014-01-21
CVE-2012-6634
N/A
2014-01-21
CVE-2012-6635
N/A
2013-12-30
CVE-2013-7233
N/A
2013-10-14
WordPress <=3.6 - URL Redirect Restriction Bypass
N/A
2013-09-12
CVE-2013-4338
N/A
2013-09-12
CVE-2013-5738
N/A
2013-09-12
CVE-2013-5739
N/A
2013-09-12
CVE-2013-4339
N/A
2013-09-12
CVE-2013-4340
N/A
2013-07-26
WordPress vulnerable to cross-site scripting
N/A
2013-07-19
CVE-2012-3414
N/A
2013-07-08
CVE-2013-2199
N/A
2013-07-08
CVE-2013-0235
N/A
2013-07-08
CVE-2013-2201
N/A
2013-07-08
CVE-2013-2202
N/A
2013-07-08
CVE-2013-2200
N/A
2013-07-08
CVE-2013-0236
N/A
2013-07-08
CVE-2013-0237
N/A
2013-07-08
CVE-2013-2203
N/A
2013-07-08
CVE-2013-2204
N/A
2013-07-08
CVE-2013-2205
N/A
2013-06-21
CVE-2013-2173
N/A
2012-12-27
CVE-2012-5868
N/A
2012-09-28
CVE-2012-4448
N/A
2012-09-18
WordPress 3.4.2 - Multiple Path Dislosure Vulnerabilities
N/A
2012-09-14
CVE-2010-5106
N/A
2012-09-14
CVE-2012-4421
N/A
2012-09-14
CVE-2012-4422
N/A
2012-09-06
WordPress Core < 3.4.2 - Cross-Site Scripting
N/A
2012-07-22
CVE-2012-3384
N/A
2012-07-22
CVE-2012-3385
N/A
2012-06-27
CVE-2011-4956
N/A
2012-06-27
CVE-2011-4957
N/A
2012-05-03
CVE-2012-1936
N/A
2012-04-21
CVE-2012-2400
N/A
2012-04-21
CVE-2012-2401
N/A
2012-04-21
CVE-2012-2402
N/A
2012-04-21
CVE-2012-2403
N/A
2012-04-21
CVE-2012-2404
N/A
2012-01-30
CVE-2012-0782
N/A
2012-01-30
CVE-2012-0937
N/A
2012-01-30
CVE-2011-4898
N/A
2012-01-30
CVE-2011-4899
N/A
2012-01-06
CVE-2012-0287
N/A
2011-12-26
WordPress vulnerable to arbitrary PHP code execution
N/A
2011-12-26
WordPress Japanese vulnerable to cross-site scripting
N/A
2011-09-26
WordPress DEV Blogs MU 1.2.6 - HTML Injection Vulnerability
N/A
2011-09-26
WordPress Regular Subscriber Plugin 3.1.x - HTML Injection Vulnerability
N/A
2011-08-10
CVE-2011-3122
N/A
2011-08-10
CVE-2011-3125
N/A
2011-08-10
CVE-2011-3126
N/A
2011-08-10
CVE-2011-3127
N/A
2011-08-10
CVE-2011-3128
N/A
2011-08-10
CVE-2011-3129
N/A
2011-08-10
CVE-2011-3130
N/A
2011-07-01
WordPress 3.1.3 - SQL Injection Vulnerabilities
N/A
2011-03-14
CVE-2011-0700
N/A
2011-03-14
CVE-2011-0701
N/A
2011-01-03
CVE-2010-4536
N/A
2010-12-29
WordPress 3.0.3 - Stored XSS (IE6/7 NS8.1)
N/A
2010-12-07
CVE-2010-4257
N/A
2010-02-23
CVE-2010-0682
N/A
2009-12-31
WordPress <= 2.9 - DoS (0day)
N/A
2009-12-12
WordPress Core <= 2.8.5 - Arbitrary File Upload
N/A
2009-12-12
WordPress Core <= 2.8.5 - Cross-Site Scripting
N/A
2009-11-10
WordPress 2.0 - 2.7.1 - Module Configuration Security Bypass Vulnerability
N/A
2009-10-23
CVE-2009-3622
N/A
2009-09-08
WordPress Core & WordPress MU < 2.8.1 - Full Path Disclosure
N/A
2009-08-18
CVE-2009-2854
N/A
2009-08-18
CVE-2009-2851
N/A
2009-08-18
CVE-2009-2853
N/A
2009-08-13
CVE-2009-2762
N/A
2009-07-10
CVE-2009-2334
N/A
2009-07-10
CVE-2009-2431
N/A
2009-07-10
CVE-2009-2336
N/A
2009-07-10
CVE-2009-2335
N/A
2009-04-28
CVE-2008-6762
N/A
2009-04-28
CVE-2008-6767
N/A
2009-03-20
CVE-2009-1030
N/A
2008-12-25
WordPress Core < 2.6.5 - Cross-Site Scripting
N/A
2008-12-19
CVE-2008-5695
N/A
2008-11-17
CVE-2008-5113
N/A
2008-10-28
CVE-2008-4769
N/A
2008-10-22
CVE-2008-4671
N/A
2008-09-18
CVE-2008-4106
N/A
2008-09-18
CVE-2008-4107
N/A
2008-08-27
CVE-2008-3747
N/A
2008-07-18
CVE-2008-3233
N/A
2008-05-29
CVE-2008-2510
N/A
2008-05-21
CVE-2008-2392
N/A
2008-05-12
CVE-2008-2146
N/A
2008-05-02
CVE-2008-2068
N/A
2008-04-28
CVE-2008-1930
N/A
2008-03-12
CVE-2008-1304
N/A
2008-02-08
CVE-2008-0664
N/A
2008-01-10
CVE-2008-0191
N/A
2008-01-10
CVE-2008-0192
N/A
2008-01-10
CVE-2008-0193
N/A
2008-01-10
CVE-2008-0195
N/A
2008-01-10
CVE-2008-0196
Critical 9.8
2007-12-29
WordPress Core 1.5 - 2.3.1 - Authorization Bypass
N/A
2007-12-12
CVE-2007-6318
N/A
2007-10-30
CVE-2007-5710
N/A
2007-09-14
CVE-2007-4893
N/A
2007-09-14
CVE-2007-4894
N/A
2007-08-08
WordPress Core < 2.2.2 - Open Redirect
N/A
2007-08-05
WordPress Core <= 2.2.1 - Cross-Site Scripting
N/A
2007-08-05
WordPress Core <= 2.2.1 - Authenticated (Admin+) Cross-Site Scripting
N/A
2007-08-05
WordPress Core <= 2.2.1 - SQL Injection
N/A
2007-08-05
WordPress Core <= 2.2 - Arbitrary File Upload
N/A
2007-08-05
WordPress Core <= 2.2.1 - Arbitrary File Upload
N/A
2007-06-21
WordPress Core <= 2.2 - SQL Injection
N/A
2007-06-21
WordPress Core <= 2.2 - Cross-Site Scripting
N/A
2007-06-15
CVE-2007-3238
N/A
2007-05-22
CVE-2007-2821
N/A
2007-04-09
CVE-2007-1893
N/A
2007-04-09
CVE-2007-1894
N/A
2007-04-09
CVE-2007-1897
N/A
2007-04-03
WordPress Core < 2.0.10 - Open Redirect
N/A
2007-04-03
WordPress Core <= 2.1.2 - Cross-Site Scripting
N/A
2007-03-28
CVE-2007-1732
N/A
2007-03-10
CVE-2007-1409
N/A
2007-03-05
CVE-2007-1277
N/A
2007-03-03
CVE-2007-1244
N/A
2007-03-02
CVE-2007-1230
N/A
2007-03-02
WordPress Core 2.1.1 - Supply Chain Compromise
N/A
2007-02-21
CVE-2007-1049
N/A
2007-01-29
CVE-2007-0539
N/A
2007-01-29
CVE-2007-0540
N/A
2007-01-29
CVE-2007-0541
N/A
2007-01-16
CVE-2007-0262
N/A
2007-01-15
WordPress Core < 2.0.7 - SQL Injection
N/A
2007-01-09
CVE-2007-0106
N/A
2007-01-09
CVE-2007-0107
N/A
2007-01-09
CVE-2007-0109
N/A
2007-01-05
WordPress Core <= 2.0.5 - Cross-Site Scripting
N/A
2007-01-05
WordPress Core 2.0.2 - 2.0.5 - Sensitive Information Disclosure
Medium 6.5
2006-11-21
CVE-2006-6016
Medium 6.5
2006-11-21
CVE-2006-6017
N/A
2006-11-04
CVE-2006-5705