Medium 6.1
2026-03-10
WordPress <= 6.9.1 - Authenticated (Author+) XML External Entity Injection via getID3 Library Media Upload
WordPress 3.8.4 Vulnerabilities
Vulnerabilities 218
Critical 9.8
2025-10-03
CVE-2021-29476
Medium 5.4
2024-10-16
CVE-2022-4973
Medium 5.9
2022-12-14
CVE-2022-3590
Medium 5.3
2022-12-05
CVE-2022-43504
Medium 6.1
2022-12-05
CVE-2022-43500
Medium 6.1
2022-12-05
CVE-2022-43497
N/A
2022-11-08
Multiple vulnerabilities in WordPress
N/A
2022-10-18
WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API
N/A
2022-10-18
WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability in Comment editing
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php
N/A
2022-10-18
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-10-18
WordPress core <= 6.0.2 - Open redirect vulnerability
N/A
2022-10-18
WordPress Core < 6.0.3 - Shared User Instance Weakness
N/A
2022-10-18
WordPress Core < 6.0.3 - Open Redirect
N/A
2022-10-18
WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API
N/A
2022-10-18
WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection
N/A
2022-10-18
WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php
N/A
2022-10-18
WordPress Core < 6.0.3 - Information Disclosure (Email Address)
N/A
2022-10-18
WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments
N/A
2022-10-18
WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query
N/A
2022-08-31
WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
N/A
2022-08-31
WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-08-31
WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API
N/A
2022-08-30
WordPress Core < 6.0.2 - Authenticated SQL Injection
N/A
2022-08-30
WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors
N/A
2022-08-30
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
High 8.8
2022-05-17
Medium 6.5
2022-05-14
Medium 6.1
2022-05-14
Medium 5.4
2022-05-14
Medium 5.4
2022-05-14
High 7.5
2022-05-13
N/A
2022-03-11
WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2022-03-11
WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
N/A
2022-03-11
WordPress Core < 5.9.1 - jQuery Prototype Pollution
Medium 5.4
2022-01-06
CVE-2022-21662
High 7.2
2022-01-06
CVE-2022-21663
Critical 9.8
2021-11-25
CVE-2021-44223
N/A
2021-11-10
WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue
N/A
2021-11-10
WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3
N/A
2021-09-09
WordPress core <= 5.8 - Command injection vulnerability in the Lodash library
High 7.4
2021-09-09
WordPress Core < 5.8.1 - LoDash Update
N/A
2021-05-13
WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability
Critical 9.8
2021-04-28
CVE-2020-36326
High 8.8
2021-04-23
CVE-2021-20083
N/A
2021-04-15
WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability
Critical 9.8
2020-10-31
CVE-2020-28032
High 7.5
2020-10-31
CVE-2020-28033
Medium 6.1
2020-10-31
CVE-2020-28034
Critical 9.8
2020-10-31
CVE-2020-28035
Critical 9.8
2020-10-31
CVE-2020-28036
Critical 9.8
2020-10-31
CVE-2020-28037
Medium 6.1
2020-10-31
CVE-2020-28038
Critical 9.1
2020-10-31
CVE-2020-28039
Medium 4.3
2020-10-31
CVE-2020-28040
N/A
2020-10-29
WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability
Medium 5.4
2020-06-12
CVE-2020-4046
Medium 6.8
2020-06-12
CVE-2020-4047
Medium 5.7
2020-06-12
CVE-2020-4048
Low 2.4
2020-06-12
CVE-2020-4049
Low 3.1
2020-06-12
CVE-2020-4050
Medium 5.4
2020-04-30
CVE-2020-11025
Medium 5.4
2020-04-30
CVE-2020-11026
High 8.1
2020-04-30
CVE-2020-11027
High 7.5
2020-04-30
CVE-2020-11028
Medium 6.1
2020-04-30
CVE-2020-11029
Medium 5.4
2020-04-30
CVE-2020-11030
Critical 9.8
2020-01-06
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability
Medium 6.1
2019-12-27
CVE-2019-20042
Medium 4.3
2019-12-27
CVE-2019-20043
Medium 5.4
2019-12-26
CVE-2019-16780
Medium 5.4
2019-12-26
CVE-2019-16781
N/A
2019-12-13
WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability
Critical 9.8
2019-10-17
CVE-2019-17669
Critical 9.8
2019-10-17
CVE-2019-17670
Medium 5.4
2019-10-17
CVE-2019-17674
High 8.8
2019-10-17
CVE-2019-17675
High 7.5
2019-10-17
CVE-2019-17673
Medium 5.3
2019-10-17
CVE-2019-17671
Medium 6.1
2019-10-17
CVE-2019-17672
N/A
2019-10-15
WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning)
Medium 6.1
2019-09-11
CVE-2019-16217
Medium 6.1
2019-09-11
CVE-2019-16218
Medium 6.1
2019-09-11
CVE-2019-16220
Medium 6.1
2019-09-11
CVE-2019-16221
Medium 6.1
2019-09-11
CVE-2019-16222
Medium 5.4
2019-09-11
CVE-2019-16223
N/A
2019-09-05
WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability
Medium 5.3
2019-05-22
CVE-2017-6514
High 8.8
2019-04-12
WordPress Core < 5.1.1 - Cross-Site Request Forgery to Cross-Site Scripting via Comments
N/A
2019-03-13
WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability
High 8.8
2019-02-28
WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution vulnerability
Medium 6.5
2019-02-20
CVE-2019-8943
Medium 6.5
2018-12-14
CVE-2018-20147
High 7.5
2018-12-14
CVE-2018-20151
Medium 6.5
2018-12-14
CVE-2018-20152
Medium 5.4
2018-12-14
CVE-2018-20153
Critical 9.8
2018-12-14
CVE-2018-20148
Medium 5.4
2018-12-14
CVE-2018-20149
Medium 6.1
2018-12-14
CVE-2018-20150
N/A
2018-12-13
WordPress <= 5.0 - Authenticated File Delete vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability
N/A
2018-12-13
WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
N/A
2018-12-13
WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins
N/A
2018-12-13
WordPress <= 5.0 - User Activation Screen Search Engine Indexing
N/A
2018-12-13
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability
High 8.8
2018-09-06
CVE-2017-1000600
High 8.8
2018-09-06
CVE-2018-1000773
High 7.2
2018-08-10
CVE-2018-14028
N/A
2018-08-04
WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload
High 8.8
2018-07-05
WordPress Core < 4.9.7 - Authenticated Arbitrary File Deletion
Medium 6.1
2018-04-14
CVE-2018-10100
Medium 6.1
2018-04-14
CVE-2018-10101
Medium 6.1
2018-04-14
CVE-2018-10102
High 8.1
2018-04-12
CVE-2014-6412
N/A
2018-04-05
WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter
N/A
2018-04-05
WordPress <=4.9.4 - Use Safe Redirect for Login
N/A
2018-04-05
WordPress <=4.9.4 - Escape Version in Generator Tag
High 7.5
2018-02-06
CVE-2018-6389
Medium 6.1
2018-01-18
CVE-2018-5776
N/A
2018-01-17
WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability
High 8.8
2017-12-02
CVE-2017-17091
Medium 5.4
2017-12-02
CVE-2017-17092
Medium 5.4
2017-12-02
CVE-2017-17093
Medium 5.4
2017-12-02
CVE-2017-17094
N/A
2017-12-01
WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability
Critical 9.8
2017-11-02
CVE-2017-16510
N/A
2017-10-31
WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries
High 7.5
2017-10-19
CVE-2012-6707
Medium 4.7
2017-10-12
CVE-2016-9263
Medium 6.5
2017-10-10
WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key
High 7.5
2017-09-23
CVE-2017-14722
Critical 9.8
2017-09-23
CVE-2017-14723
Medium 6.1
2017-09-23
CVE-2017-14724
Medium 6.1
2017-09-23
CVE-2017-14718
Medium 6.1
2017-09-23
CVE-2017-14720
High 7.5
2017-09-23
CVE-2017-14719
Medium 5.4
2017-09-23
CVE-2017-14725
Medium 6.1
2017-09-23
CVE-2017-14721
Medium 6.1
2017-09-23
CVE-2017-14726
N/A
2017-09-19
WordPress <=4.8.1 - SQL injection (SQLi) vulnerability
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names)
N/A
2017-09-19
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (link modal)
N/A
2017-09-19
WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code)
N/A
2017-09-19
WordPress <=4.8.1 - Path traversal vulnerability (customizer)
N/A
2017-09-19
WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens)
Medium 6.1
2017-05-18
CVE-2017-9061
High 8.6
2017-05-18
CVE-2017-9062
Medium 6.1
2017-05-18
CVE-2017-9063
High 8.8
2017-05-18
CVE-2017-9064
High 7.5
2017-05-18
CVE-2017-9065
High 8.6
2017-05-18
CVE-2017-9066
Medium 5.9
2017-05-04
CVE-2017-8295
N/A
2017-05-03
WordPress <=4.7.4 - Host Header Injection in Password Reset
Medium 5.4
2017-03-12
CVE-2017-6814
Medium 6.1
2017-03-12
CVE-2017-6815
Medium 5.4
2017-03-12
CVE-2017-6817
Critical 9.8
2017-01-30
CVE-2017-5611
High 7.1
2017-01-18
CVE-2016-6896
Medium 4.3
2017-01-18
CVE-2016-10148
Medium 6.1
2017-01-15
CVE-2017-5488
Medium 6.1
2017-01-15
CVE-2017-5490
High 8.8
2017-01-15
CVE-2017-5492
Medium 5.3
2017-01-15
CVE-2017-5491
High 7.5
2017-01-15
CVE-2017-5493
Medium 4.8
2017-01-05
CVE-2016-7168
Medium 6.3
2017-01-05
CVE-2016-7169
High 8.6
2016-09-29
WordPress Core < 4.5 - Server-Side Request Forgery
Medium 6.1
2016-08-07
CVE-2016-6634
High 8.8
2016-08-07
CVE-2016-6635
N/A
2016-07-12
WordPress <= 4.5.3 - Path traversal
High 7.5
2016-06-29
CVE-2016-5835
High 7.5
2016-06-29
CVE-2016-5837
Medium 4.3
2016-05-22
CVE-2015-5715
Medium 6.1
2016-05-22
CVE-2015-5714
Medium 6.1
2016-05-22
CVE-2016-1564
High 7.4
2016-05-22
CVE-2016-2221
High 8.6
2016-05-22
CVE-2016-2222
Medium 6.1
2016-05-22
CVE-2016-4566
Medium 5.4
2016-05-22
CVE-2015-7989
Medium 6.1
2016-05-22
CVE-2015-8834
N/A
2015-11-09
CVE-2015-5730
N/A
2015-11-09
CVE-2015-5731
N/A
2015-11-09
CVE-2015-5732
N/A
2015-11-09
CVE-2015-5733
N/A
2015-11-09
CVE-2015-5734
N/A
2015-11-09
CVE-2015-2213
N/A
2015-08-05
CVE-2015-3438
N/A
2015-08-03
CVE-2015-5622
N/A
2015-08-03
CVE-2015-5623
N/A
2015-08-03
CVE-2015-3440
N/A
2015-04-27
WordPress <= 4.2 - Stored XSS
N/A
2014-12-01
WordPress <=4.0.1 - Denial of Service Attacks
N/A
2014-11-25
CVE-2014-9035
N/A
2014-11-25
CVE-2014-9031
N/A
2014-11-25
CVE-2014-9032
N/A
2014-11-25
CVE-2014-9033
N/A
2014-11-25
CVE-2014-9036
N/A
2014-11-25
CVE-2014-9037
N/A
2014-11-25
CVE-2014-9038
N/A
2014-11-25
CVE-2014-9039