WordPress 4.2.23 Vulnerabilities

Vulnerabilities 111
Medium 5.4
2024-10-16

CVE-2022-4973

CVE
N/A
2024-06-25

WordPress is vulnerable to Cross Site Scripting (XSS)

Patchstack
High 8.8
2024-04-04

CVE-2024-31210

CVE
N/A
2023-10-12

WordPress Core < 6.3.2 – Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode

Wordfence
N/A
2023-05-19

WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content

Wordfence
N/A
2023-05-17

WordPress <= 6.2 is vulnerable to Directory Traversal

Patchstack
N/A
2023-05-17

WordPress <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Patchstack
N/A
2023-05-17

WordPress <= 6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack
N/A
2023-05-16

WordPress Core < 6.2.1 - Cross-Site Request Forgery

Wordfence
N/A
2023-05-16

WordPress Core < 6.2.1 - Insufficient Sanitization of Block Attributes

Wordfence
N/A
2023-05-16

WordPress Core < 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery

Wordfence
Medium 6.1
2022-12-05

CVE-2022-43500

CVE
Medium 6.1
2022-12-05

CVE-2022-43497

CVE
N/A
2022-11-08

Multiple vulnerabilities in WordPress

JVN
N/A
2022-10-18

WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability in Comment editing

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-10-18

WordPress core <= 6.0.2 - Open redirect vulnerability

Patchstack
N/A
2022-10-18

WordPress Core < 6.0.3 - Shared User Instance Weakness

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Open Redirect

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Information Disclosure (Email Address)

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments

Wordfence
N/A
2022-10-18

WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query

Wordfence
N/A
2022-08-31

WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-08-31

WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-08-31

WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API

Patchstack
N/A
2022-08-30

WordPress Core < 6.0.2 - Authenticated SQL Injection

Wordfence
N/A
2022-08-30

WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors

Wordfence
N/A
2022-08-30

WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function

Wordfence
N/A
2022-03-11

WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2022-03-11

WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence
N/A
2022-03-11

WordPress Core < 5.9.1 - jQuery Prototype Pollution

Wordfence
N/A
2021-11-10

WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue

Patchstack
N/A
2021-11-10

WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3

Wordfence
N/A
2021-09-09

WordPress core <= 5.8 - Command injection vulnerability in the Lodash library

Patchstack
High 7.4
2021-09-09

WordPress Core < 5.8.1 - LoDash Update

WordfenceCVE
N/A
2021-05-13

WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability

Patchstack
Critical 9.8
2021-04-28

CVE-2020-36326

CVE
High 8.8
2021-04-23

CVE-2021-20083

CVE
N/A
2021-04-15

WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability

Patchstack
N/A
2020-10-29

WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability

Patchstack
Critical 9.8
2020-01-06

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability

PatchstackCVEWordfence
N/A
2019-12-13

WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2019-10-15

WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning)

Patchstack
N/A
2019-09-05

WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability

Patchstack
High 7.2
2018-08-10

CVE-2018-14028

CVE