Low 3.7
2026-03-10
WordPress <= 6.9.1 - Authenticated (Author+) XML External Entity Injection via getID3 Library Media Upload
WordPress 3.7.41 Vulnerabilities
Vulnerabilities 26
Critical 9.8
2025-10-03
CVE-2021-29476
Medium 5.9
2022-12-14
CVE-2022-3590
Medium 6.1
2022-12-05
CVE-2022-43500
Medium 6.1
2022-12-05
CVE-2022-43497
N/A
2022-10-18
WordPress Core < 6.0.3 - Shared User Instance Weakness
N/A
2022-10-18
WordPress Core < 6.0.3 - Open Redirect
N/A
2022-10-18
WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API
N/A
2022-10-18
WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection
N/A
2022-10-18
WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php
N/A
2022-10-18
WordPress Core < 6.0.3 - Information Disclosure (Email Address)
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments
N/A
2022-10-18
WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query
N/A
2022-08-30
WordPress Core < 6.0.2 - Authenticated SQL Injection
N/A
2022-08-30
WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors
N/A
2022-08-30
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
N/A
2022-03-11
WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
N/A
2022-03-11
WordPress Core < 5.9.1 - jQuery Prototype Pollution
N/A
2021-11-10
WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3
High 7.4
2021-09-09
WordPress Core < 5.8.1 - LoDash Update
High 8.8
2021-04-23
CVE-2021-20083
High 7.2
2018-08-10
CVE-2018-14028
Medium 5.9
2017-05-04
CVE-2017-8295
N/A
2014-04-09
WordPress Core < 3.8.2 - SQL Injection