WordPress 4.2.16 Vulnerabilities

Vulnerabilities 154
Medium 5.4
2024-10-16

CVE-2022-4973

CVE
N/A
2024-06-25

WordPress is vulnerable to Cross Site Scripting (XSS)

Patchstack
High 8.8
2024-04-04

CVE-2024-31210

CVE
N/A
2023-10-12

WordPress Core < 6.3.2 – Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode

Wordfence
N/A
2023-05-19

WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content

Wordfence
N/A
2023-05-17

WordPress <= 6.2 is vulnerable to Directory Traversal

Patchstack
N/A
2023-05-17

WordPress <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Patchstack
N/A
2023-05-17

WordPress <= 6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack
N/A
2023-05-16

WordPress Core < 6.2.1 - Cross-Site Request Forgery

Wordfence
N/A
2023-05-16

WordPress Core < 6.2.1 - Insufficient Sanitization of Block Attributes

Wordfence
N/A
2023-05-16

WordPress Core < 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery

Wordfence
Medium 6.1
2022-12-05

CVE-2022-43500

CVE
Medium 6.1
2022-12-05

CVE-2022-43497

CVE
N/A
2022-11-08

Multiple vulnerabilities in WordPress

JVN
N/A
2022-10-18

WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability in Comment editing

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Open redirect vulnerability

Patchstack
N/A
2022-10-18

WordPress Core < 6.0.3 - Shared User Instance Weakness

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Open Redirect

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Information Disclosure (Email Address)

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query

Wordfence
N/A
2022-08-31

WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-08-31

WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-08-31

WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API

Patchstack
N/A
2022-08-30

WordPress Core < 6.0.2 - Authenticated SQL Injection

Wordfence
N/A
2022-08-30

WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors

Wordfence
N/A
2022-08-30

WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function

Wordfence
N/A
2022-03-11

WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-03-11

WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence
N/A
2022-03-11

WordPress Core < 5.9.1 - jQuery Prototype Pollution

Wordfence
N/A
2021-11-10

WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue

Patchstack
N/A
2021-11-10

WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3

Wordfence
N/A
2021-09-09

WordPress core <= 5.8 - Command injection vulnerability in the Lodash library

Patchstack
High 7.4
2021-09-09

WordPress Core < 5.8.1 - LoDash Update

WordfenceCVE
N/A
2021-05-13

WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability

Patchstack
Critical 9.8
2021-04-28

CVE-2020-36326

CVE
High 8.8
2021-04-23

CVE-2021-20083

CVE
N/A
2021-04-15

WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability

Patchstack
N/A
2020-10-29

WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability

Patchstack
Critical 9.8
2020-01-06

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability

PatchstackCVEWordfence
N/A
2019-12-13

WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2019-10-15

WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning)

Patchstack
N/A
2019-09-05

WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
High 8.8
2019-04-12

WordPress Core < 5.1.1 - Cross-Site Request Forgery to Cross-Site Scripting via Comments

WordfenceCVE
N/A
2019-03-13

WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability

Patchstack
High 8.8
2019-02-28

WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution vulnerability

PatchstackCVEWordfence
N/A
2018-12-13

WordPress <= 5.0 - Authenticated File Delete vulnerability

Patchstack
N/A
2018-12-13

WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability

Patchstack
N/A
2018-12-13

WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability

Patchstack
N/A
2018-12-13

WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2018-12-13

WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins

Patchstack
N/A
2018-12-13

WordPress <= 5.0 - User Activation Screen Search Engine Indexing

Patchstack
N/A
2018-12-13

WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability

Patchstack
High 7.2
2018-08-10

CVE-2018-14028

CVE
N/A
2018-08-04

WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload

Wordfence
N/A
2018-04-05

WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter

Patchstack
N/A
2018-04-05

WordPress <=4.9.4 - Use Safe Redirect for Login

Patchstack
N/A
2018-04-05

WordPress <=4.9.4 - Escape Version in Generator Tag

Patchstack
N/A
2018-01-17

WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability

Patchstack
N/A
2017-12-01

WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability

Patchstack
N/A
2017-10-31

WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries

Patchstack
Medium 6.5
2017-10-10

WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key

WordfenceCVE