WordPress 3.0.6 Vulnerabilities

WordPress <= 6.9.1 - Authenticated (Author+) XML External Entity Injection via getID3 Library Media Upload

CVE-2022-4973

CVE-2022-3590

CVE-2013-4144

CVE-2011-1762

WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability

WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue

WordPress core <= 5.8 - Command injection vulnerability in the Lodash library

WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability

CVE-2020-36326

WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability

WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability

WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability

WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning)

WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability

WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability

WordPress <= 5.0 - Authenticated File Delete vulnerability

WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability

WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability

WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins

WordPress <= 5.0 - User Activation Screen Search Engine Indexing

WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability

CVE-2018-14028

WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter

WordPress <=4.9.4 - Use Safe Redirect for Login

WordPress <=4.9.4 - Escape Version in Generator Tag

WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability

WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability

WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries

WordPress <=4.8.1 - SQL injection (SQLi) vulnerability

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed)

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor)

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor)

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names)

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (link modal)

WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code)

WordPress <=4.8.1 - Path traversal vulnerability (customizer)

WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens)

CVE-2017-8295

CVE-2017-5492

CVE-2017-5491

CVE-2017-5493

CVE-2016-7168

CVE-2016-7169

WordPress Core < 4.5 - Server-Side Request Forgery

CVE-2016-6634

CVE-2016-6635

WordPress <= 4.5.3 - Path traversal

CVE-2016-5837

WordPress <= 4.2 - Stored XSS

WordPress Core < 3.8.2 - SQL Injection

CVE-2012-6633

CVE-2012-6634

CVE-2012-6635

WordPress <=3.6 - URL Redirect Restriction Bypass

CVE-2013-4338

CVE-2013-5738

CVE-2013-5739

CVE-2013-4339

CVE-2013-4340

WordPress vulnerable to cross-site scripting

CVE-2012-3414

CVE-2013-2199

CVE-2013-0235

CVE-2013-2201

CVE-2013-2202

CVE-2013-2200

CVE-2013-0236

CVE-2013-0237

CVE-2013-2203

CVE-2013-2204

CVE-2013-2205

CVE-2013-2173

CVE-2012-5868

CVE-2012-4448

WordPress 3.4.2 - Multiple Path Dislosure Vulnerabilities

CVE-2012-4421

CVE-2012-4422

WordPress Core < 3.4.2 - Cross-Site Scripting

CVE-2012-3384

CVE-2012-3385

CVE-2012-1936

CVE-2012-2400

CVE-2012-2401

CVE-2012-2402

CVE-2012-2403

CVE-2012-2404

CVE-2012-0782

CVE-2012-0937

CVE-2011-4898

CVE-2011-4899

CVE-2012-0287

WordPress vulnerable to arbitrary PHP code execution

WordPress Japanese vulnerable to cross-site scripting

WordPress DEV Blogs MU 1.2.6 - HTML Injection Vulnerability

WordPress Regular Subscriber Plugin 3.1.x - HTML Injection Vulnerability

CVE-2011-3122

CVE-2011-3125

CVE-2011-3126

CVE-2011-3127

CVE-2011-3128

CVE-2011-3129

CVE-2011-3130

WordPress 3.1.3 - SQL Injection Vulnerabilities