WordPress <= 6.9.1 - Authenticated (Author+) XML External Entity Injection via getID3 Library Media Upload
WordPress 5.0.12 Vulnerabilities
CVE-2022-4973
CVE-2024-32111
WordPress is vulnerable to Cross Site Scripting (XSS)
CVE-2023-5692
CVE-2024-31210
CVE-2023-5561
CVE-2023-39999
WordPress Core 4.7.0-6.3.1 - Denial of Service via Cache Poisoning
WordPress Core < 6.3.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode
WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content
CVE-2023-2745
WordPress <= 6.2 is vulnerable to Directory Traversal
WordPress <= 6.2 is vulnerable to Cross Site Scripting (XSS)
WordPress <= 6.2 is vulnerable to Cross Site Request Forgery (CSRF)
WordPress Core < 6.2.1 - Cross-Site Request Forgery
WordPress Core < 6.2.1 - Insufficient Sanitization of Block Attributes
WordPress Core < 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery
CVE-2022-3590
CVE-2022-43504
CVE-2022-43500
CVE-2022-43497
Multiple vulnerabilities in WordPress
WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API
WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability in Comment editing
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability
WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
WordPress core <= 6.0.2 - Open redirect vulnerability
WordPress Core < 6.0.3 - Shared User Instance Weakness
WordPress Core < 6.0.3 - Open Redirect
WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)
WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer
WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API
WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection
WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php
WordPress Core < 6.0.3 - Information Disclosure (Email Address)
WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments
WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query
WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API
WordPress Core < 6.0.2 - Authenticated SQL Injection
WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability
WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
WordPress Core < 5.9.1 - jQuery Prototype Pollution
CVE-2022-21662
CVE-2022-21663
CVE-2022-21664
CVE-2021-44223
WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue
WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3
CVE-2021-39201
WordPress core <= 5.8 - Command injection vulnerability in the Lodash library
WordPress Core < 5.8.1 - LoDash Update
WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability
CVE-2020-36326
CVE-2021-20083
CVE-2018-14028