WordPress
N/A
Developer
N/A
Latest version
N/A
Installations
N/A
Last updated
Vulnerability history
1 present
301 fixed
4 Mitigation rules
- (Author+) Cross Site Scripting (XSS) Vulnerability<= 6.8.2Sep 22, 2025
- (Contributor+) Sensitive Data Exposure Vulnerability<= 6.8.2Sep 22, 2025
- Contributor+ Path Traversal (Windows Only) vulnerability< 6.5.5Jun 25, 2024
- Cross Site Scripting (XSS) via template-part vulnerability< 6.5.5Jun 25, 2024
- Contributor+ Stored Cross-Site Scripting via HTML API< 6.5.5Jun 25, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability<= 6.5.0Apr 9, 2024
- Sensitive Information Exposure via redirect_guess_404_permalink vulnerability<= 6.4.3Apr 5, 2024
- Auth. (Admin+) PHP File Upload vulnerability< 6.4.3Jan 31, 2024
- Cache Poisoning Denial of Service vulnerability< 6.3.2Oct 13, 2023
- Contributor+ Stored XSS in Navigation Links Block vulnerability< 6.3.2Oct 13, 2023
- Contributor+ Comment Read on Private and Password Protected Post vulnerability< 6.3.2Oct 13, 2023
- Reflected Cross-Site Scripting via Application Password Requests< 6.3.2Oct 13, 2023
- Sensitive Information Exposure via User Search REST Endpoint< 6.3.2Oct 13, 2023
- Auth. (Contributor+) Cross-Site Scripting via Footnotes Block6.3-6.3.1Oct 13, 2023
- Auth. (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode< 6.3.2Oct 13, 2023
- Unauth. Shortcode Execution vulnerability<= 6.2.1May 22, 2023
- Insufficient Sanitization of Block Attributes vulnerabilities<= 6.2May 17, 2023
- Auth. Stored Cross-Site Scripting (XSS) vulnerability<= 6.2May 17, 2023
- Unauth. Shortcode Execution vulnerability<= 6.2May 17, 2023
- Unauth. Directory Traversal vulnerability<= 6.2May 17, 2023
- Cross-Site Request Forgery vulnerability<= 6.2May 17, 2023
- Unauthenticated Blind Server-Side Request Forgery vulnerability<= 6.6.2Dec 13, 2022
- Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- SQL Injection (SQLi) vulnerability<= 6.0.2Oct 18, 2022
- Content From Multipart Emails Leak vulnerability<= 6.0.2Oct 18, 2022
- Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php<= 6.0.2Oct 18, 2022
- Stored Cross-Site Scripting (XSS) vulnerability in Comment editing<= 6.0.2Oct 18, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- Reflected Cross-Site Scripting (XSS) via SQLi vulnerability<= 6.0.2Oct 18, 2022
- Sender’s Email Address Exposure vulnerability<= 6.0.2Oct 18, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.2Oct 18, 2022
- Data Exposure vulnerability via REST API<= 6.0.2Oct 18, 2022
- Open redirect vulnerability<= 6.0.2Oct 18, 2022
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 6.0.1Aug 31, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.1Aug 31, 2022
- Authenticated SQL Injection (SQLi) vulnerability via Link API<= 6.0.1Aug 31, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.9.1Mar 11, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.8.2Jan 6, 2022
- SQL Injection (SQLi) vulnerability<= 5.8.2Jan 6, 2022
- SQL Injection (SQLi) vulnerability<= 5.8.2Jan 6, 2022
- Authenticated Object Injection in Multisites<= 5.8.2Jan 6, 2022
- Plugin Confusion vulnerability< 5.8Nov 25, 2021
- Expired DST Root CA X3 Certificate issue<= 5.8.1Nov 10, 2021
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 5.8Sep 9, 2021
- Data Exposure via REST API vulnerability<= 5.8Sep 9, 2021
- Command injection vulnerability in the Lodash library<= 5.8Sep 9, 2021
- Object injection in PHPMailer vulnerability<= 5.7.1May 13, 2021
- XML External Entity (XXE) vulnerability4.7-5.7Apr 15, 2021
- Sensitive Data Exposure vulnerability4.7-5.7Apr 15, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 5.5.1Oct 29, 2020
- Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability<= 5.5.1Oct 29, 2020
- Stored Cross-Site Scripting (XSS) in Post Slugs vulnerability<= 5.5.1Oct 29, 2020
- Unauthenticated Denial-of-Service (DoS) Attack to Remote Code Execution (RCE) vulnerability<= 5.5.1Oct 29, 2020
- XML-RPC Privilege Escalation vulnerability<= 5.5.1Oct 29, 2020
- Cross-Site Scripting (XSS) via Global Variables vulnerability<= 5.5.1Oct 29, 2020
- Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability<= 5.5.1Oct 29, 2020
- Mishandled deserialization requests vulnerability<= 5.5.1Oct 29, 2020
- wp_kses_bad_protocol() Colon Bypass vulnerability<= 5.3Jan 6, 2020
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.3Dec 13, 2019
- Multiple security issues (XSS, SSRF, Cache Poisoning)<= 5.2.3Oct 15, 2019
- Cross-Site Scripting (XSS) vulnerability<= 5.2.2Sep 5, 2019
- Cross-Site Scripting (XSS) vulnerability3.9-5.1Mar 13, 2019
- Authenticated Code Execution vulnerability3.7-5.0Feb 28, 2019
- Authenticated File Delete vulnerability<= 5.0Dec 13, 2018
- Authenticated Post Type Bypass vulnerability<= 5.0Dec 13, 2018
- PHP Object Injection via Meta Data vulnerability<= 5.0Dec 13, 2018
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 5.0Dec 13, 2018
- Cross-Site Scripting (XSS) vulnerability that could affect plugins<= 5.0Dec 13, 2018
- User Activation Screen Search Engine Indexing<= 5.0Dec 13, 2018
- File Upload to XSS on Apache Web Servers vulnerability<= 5.0Dec 13, 2018
- Arbitrary Code Execution vulnerability<= 4.9.6Jun 27, 2018
- Security Misconfiguration with URL Hostnames<= 4.9.4Apr 5, 2018
- Use Safe Redirect for Login<= 4.9.4Apr 5, 2018
- Stored XSS in Generator Tag<= 4.9.4Apr 5, 2018
- Application Denial of Service (DoS) vulnerability<= 4.9.2Feb 5, 2018
- Cross-Site Scripting vulnerability<= 4.9.1Jan 17, 2018
- Authenticated JavaScript File Upload vulnerability<= 4.9Dec 1, 2017
- RSS and Atom Feed Escaping<= 4.9Nov 29, 2017
- HTML Language Attribute Escaping<= 4.9Nov 29, 2017
- newbloguser Key Bypass<= 4.9Nov 29, 2017
- potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries<= 4.8.2Oct 31, 2017
- SQL injection (SQLi) vulnerability<= 4.8.1Sep 19, 2017
- Cross-Site Scripting (XSS) vulnerability (oEmbed)<= 4.8.1Sep 19, 2017
- Cross-Site Scripting (XSS) vulnerability (visual editor)<= 4.8.1Sep 19, 2017
- Cross-Site Scripting (XSS) vulnerability (plugin editor)<= 4.8.1Sep 19, 2017
- Cross-Site Scripting (XSS) vulnerability (template names)<= 4.8.1Sep 19, 2017
- Cross-Site Scripting (XSS) vulnerability (link modal)<= 4.8.1Sep 19, 2017
- Path traversal vulnerability (file unzipping code)<= 4.8.1Sep 19, 2017
- Path traversal vulnerability (customizer)<= 4.8.1Sep 19, 2017
- Open redirect vulnerability (user and term edit screens)<= 4.8.1Sep 19, 2017
- Insufficient Redirect Validation vulnerability<= 4.7.4May 17, 2017
- Post Meta Data Values Improper Handling in XML-RPC API<= 4.7.4May 16, 2017
- Host Header Injection in Password Reset<= 4.7.4May 3, 2017
- Path traversal<= 4.5.3Jul 12, 2016
- BYPASS #1<= 4.5.2Jun 23, 2016
- BYPASS #2<= 4.5.2Jun 23, 2016
- BYPASS #3<= 4.5.2Jun 23, 2016
- Denial of Service Attacks<= 4.5.2Jun 23, 2016
- Session Hijacking<= 4.5.2Jun 23, 2016
- XSS #1<= 4.5.2Jun 23, 2016
- XSS #2<= 4.5.2Jun 23, 2016
- BYPASS #4<= 4.5.2Jun 23, 2016
- XSS<= 2.20.9May 7, 2016
- XSS<= 4.5.1May 7, 2016
- Service Side Request Forgery<= 4.4Apr 15, 2016
- XSS<= 4.4.1Apr 12, 2016
- CSRF<= 4.4.1Apr 12, 2016
- XSS<= 4.2.1Mar 25, 2016
- SSRF<= 4.4.1Feb 5, 2016
- Open Redirect<= 4.4.1Feb 4, 2016
- Multiple XSS<= 4.4.0Jan 8, 2016
- XSS<= 4.3.0Oct 28, 2015
- XSS<= 4.2.3Aug 4, 2015
- XSS #1<= 4.2.3Aug 4, 2015
- XSS #2<= 4.2.3Aug 4, 2015
- CSRF<= 4.2.3Aug 4, 2015
- Multiple Vulnerabilities<= 4.2.3Aug 4, 2015
- BYPASS<= 4.3.0Aug 2, 2015
- XSS<= 4.2.2Jul 23, 2015
- XSS<= 4.1.1Apr 28, 2015
- Multiple XSS<= 4.1.1Apr 28, 2015
- Stored XSS<= 4.2Apr 27, 2015
- SQL Injection<= 4.2.3Mar 5, 2015
- Denial of Service Attacks<= 4.0.1Dec 1, 2014
- Multiple Vulnerabilities #1<= 4.0.0Nov 20, 2014
- SSRF<= 4.0.0Nov 20, 2014
- Multiple Vulnerabilities #2<= 4.0.0Nov 20, 2014
- XSS #1<= 4.0.0Nov 20, 2014
- XSS #2<= 4.0.0Nov 20, 2014
- CSRF<= 4.0.0Nov 20, 2014
- XSS #3<= 4.0.0Nov 20, 2014
- XSS<= 3.9.2Nov 20, 2014
- Denial Of Service Attacks #1<= 3.9.1Aug 15, 2014
- Denial Of Service Attacks #2<= 3.9.1Aug 15, 2014
- XSS<= 3.9.1Aug 14, 2014
- Multiple Vulnerabilities #1<= 3.9.1Aug 13, 2014
- Multiple Vulnerabilities #2<= 3.9.1Aug 13, 2014
- Unsafe Serialization<= 3.9.1Aug 13, 2014
- Information Disclosure<= 3.3.2Jan 20, 2014
- Multiple Vulnerabilities<= 3.3.2Jan 20, 2014
- Cross Site Scripting<= 3.3.2Jan 20, 2014
- Broken Access Control vulnerability<= 3.0.5Jan 20, 2014
- Admin+ Access Restriction Bypass vulnerability<= 3.0.0Jan 20, 2014
- BYPASS<= 3.0.1Jan 20, 2014
- XSS<= 3.0.1Jan 20, 2014
- Multiple XSS<= 3.0.1Jan 20, 2014
- Spam Restriction Bypass vulnerability<= 3.0.1Jan 20, 2014
- Cross Site Request Forgery<= 2.0.11Dec 17, 2013
- Multiple vulnerabilities<= 3.8.1Dec 3, 2013
- Privilege Escalation<= 3.8.1Dec 3, 2013
- URL Redirect Restriction Bypass<= 3.6Oct 14, 2013
- Cross Site Scripting #1<= 3.6.0Sep 11, 2013
- Cross Site Scripting #2<= 3.6.0Sep 11, 2013
- Privilege Escalation<= 3.6.0Sep 9, 2013
- Multiple vulnerabilities<= 3.6.0Jun 12, 2013
- Arbitrary Code Execution<= 3.6.0Jun 12, 2013
- Full Path Disclosure<= 3.5.1Feb 19, 2013
- XXE Injection<= 3.5.1Feb 19, 2013
- Multiple Cross Site Scripting<= 3.5.1Feb 19, 2013
- Privilege Escalation<= 3.5.1Feb 19, 2013
- Multiple SSRF<= 3.5.1Feb 19, 2013
- Denial of Service Attacks<= 3.5.1Feb 19, 2013
- Cross Site Scripting<= 1.5.4Dec 6, 2012
- Multiple Cross Site Scripting<= 3.5.0Dec 6, 2012
- SSRF<= 3.5.0Dec 6, 2012
- Session Identifier Leakage vulnerability<= 3.4.2Nov 14, 2012
- Multiple Path Dislosure Vulnerabilities<= 3.4.2Sep 18, 2012
- CSRF<= 3.4.2Aug 21, 2012
- Multiple vulnerabilities<= 3.4.1Aug 21, 2012
- BYPASS<= 3.4.1Aug 21, 2012
- Multiple Vulnerabilities<= 3.4.0Jun 14, 2012
- CSRF<= 3.4.0Jun 14, 2012
- XSS and BYPASS<= 3.4.1Jun 14, 2012
- BYPASS<= 3.0.2Apr 30, 2012
- Multiple CSRF Vulnerabilities3.3.1Apr 27, 2012
- XSS #1<= 3.3.1Apr 21, 2012
- XSS #2<= 3.3.1Apr 21, 2012
- BYPASS<= 3.3.1Apr 21, 2012
- CSRF and XSS<= 3.3.1Apr 21, 2012
- Unspecified vulnerability<= 3.3.1Apr 21, 2012
- Multiple Vulnerabilities<= 3.3.1Jan 25, 2012
- Multiple XSS<= 3.3.1Jan 18, 2012
- SQL injection<= 0.7Jan 4, 2012
- PHP remote file inclusion<= 0.70Jan 4, 2012
- Multiple Vulnerabilities<= 3.1.0Dec 23, 2011
- Cross Site Scripting<= 3.1.0Dec 23, 2011
- Information Disclosure Vulnerability<= 3.0.4Sep 23, 2011
- SQL Injection<= 3.1.2Aug 10, 2011
- Arbitrary File Upload vulnerability<= 3.1.2Aug 10, 2011
- Multiple vulnerabilities<= 3.1.2Aug 10, 2011
- Clickjacking Attacks<= 3.1.2Aug 10, 2011
- Multiple Unspecified Remote vulnerabilities<= 3.1.2Aug 10, 2011
- Unspecified vulnerability #1<= 3.1.2Aug 10, 2011
- Unspecified vulnerability #2<= 3.1.2Aug 10, 2011
- SQL Injection Vulnerabilities<= 3.1.3Jul 1, 2011
- Multiple Security Vulnerabilities<= 3.0.4Jan 31, 2011
- Multiple XSS<= 3.0.4Jan 31, 2011
- Stored XSS (IE6/7 NS8.1)<= 3.0.3Dec 29, 2010
- Multiple XSS<= 3.0.3Dec 9, 2010
- SQL Injection<= 3.0.1Nov 16, 2010
- Arbitrary Code Execution<= 1.5.1.3Jul 3, 2010
- Failure to Restrict URL Access2.9,2.9.1Feb 13, 2010
- DoS (0day)<= 2.9Dec 31, 2009
- Unrestricted File Upload Arbitrary PHP Code Execution<= 2.8.5Nov 11, 2009
- WordPress 2.0 - 2.7.1 - Module Configuration Security Bypass Vulnerability2.0-2.7.1Nov 10, 2009
- XSS<= 2.8.5Nov 5, 2009
- Algorithmic complexity<= 2.8.4Oct 9, 2009
- Multiple Vulnerabilities #2<= 2.8.2Aug 18, 2009
- Multiple Vulnerabilities #1<= 2.8.2Aug 18, 2009
- BYPASS<= 2.8.2Aug 13, 2009
- Remote Cross-Site Scripting Vulnerability2.8.1Jul 24, 2009
- Privileges Unchecked in admin.php and Multiple Information<= 2.8Jul 10, 2009
- Multiple vulnerabilities<= 2.8.0Jul 10, 2009
- Information Disclosure<= 2.7.1Jul 10, 2009
- Multiple Existing/Non-Existing Username Enumeration Weaknesses<= 2.8.0Jul 5, 2009
- Denial Of Service Attacks<= 2.6.9Apr 28, 2009
- Open Redirection<= 2.6.9Apr 28, 2009
- Remote Code Execution<= 1.3.1Dec 19, 2008
- Cross Site Request Forgery<= 2.6.3Nov 17, 2008
- Directory Traversal<= 2.3.3Oct 27, 2008
- SQL Truncation Vulnerability #1<= 2.6.1Sep 15, 2008
- SQL Truncation Vulnerability #2<= 2.6.1Sep 15, 2008
- Multiple vulnerabilities<= 2.6.0Aug 20, 2008
- XSS<= 2.5Jul 18, 2008
- Unrestricted file upload<= 2.5.1May 21, 2008
- BYPASS<= 2.2.2May 12, 2008
- XSS<= 2.5May 2, 2008
- Cookie Integrity Protection Vulnerability<= 2.5Apr 23, 2008
- Multiple XSS vulnerabilities<= 2.3.2Mar 12, 2008
- Unauthorized Access Vulnerability<= 2.3.2Feb 7, 2008
- Multiple Directory Traversal<= 2.0.11Jan 9, 2008
- Multiple Vulnerabilities<= 2.0.11Jan 9, 2008
- Directory Traversal<= 2.0.3Jan 9, 2008
- XSS<= 2.0.11Jan 9, 2008
- Multiple XSS<= 2.0.9Jan 9, 2008
- SQL Injection<= 2.3.9Jan 9, 2008
- SQL Injection<= 2.3.1Dec 11, 2007
- Cookie Authentication Vulnerability<= 2.3.1Nov 19, 2007
- XSS<= 2.3Oct 30, 2007
- Cross Site Scripting<= 2.0Sep 26, 2007
- XSS<= 2.0.1Sep 26, 2007
- Multiple SQL Injection<= 2.2.3Sep 14, 2007
- XSS<= 2.2.3Sep 14, 2007
- SQL Injection<= 2.2.1Aug 3, 2007
- Multiple XSS<= 2.2.1Aug 3, 2007
- XSS<= 2.2.1Aug 2, 2007
- Multiple vulnerabilities<= 2.2.1Jul 9, 2007
- Arbitrary File Upload<= 2.2.1Jul 3, 2007
- Arbitrary File Upload<= 2.2.0Jul 3, 2007
- SQL Injection<= 2.2Jun 8, 2007
- SQL Injection<= 2.1May 22, 2007
- Cross Site Scripting<= 1.0May 11, 2007
- SQL Injection vulnerability<= 2.1.2Apr 9, 2007
- XSS<= 2.0.10Apr 9, 2007
- Security BYPASS<= 2.1.2Apr 9, 2007
- Cross Site Scripting<= 2.1.2Mar 28, 2007
- XSS<= 2.1.2 RC2Mar 22, 2007
- Redirection Vulnerability<= 1.0Mar 22, 2007
- Sensitive Directory Exposure<= 2.1.2Mar 10, 2007
- Multiple Vulnerabilities<= 2.1.1Mar 5, 2007
- Multiple XSS<= 2.1.1Mar 2, 2007
- XSS<= 2.1.0Feb 21, 2007
- Multiple Vulnerabilities<= 1.4.5Jan 29, 2007
- Denial of Service Attacks<= 2.1Jan 29, 2007
- Denial of Service Attacks<= 2.0Jan 29, 2007
- Full Path disclosure<= 2.0.6Jan 16, 2007
- SQL Injection vulnerability<= 2.0.6Jan 12, 2007
- Dictionnary & Bruteforce attack<= 2.0.5Jan 8, 2007
- SQL Injection<= 2.0.5Jan 8, 2007
- XSS<= 2.0.5Jan 8, 2007
- Cross Site Scripting<= 2.0.5Dec 28, 2006
- Denial of Service Attacks<= 2.0.4Nov 21, 2006
- Multiple vulnerabilities<= 2.0.4Nov 21, 2006
- Multiple Directory Traversal<= 2.0.4Nov 3, 2006
- Multiple vulnerabilities #1<= 2.0.5Sep 13, 2006
- Multiple Vulnerabilities<= 2.0.3Aug 9, 2006
- Full Path Disclosure<= 2.0.3Jul 6, 2006
- Direct Static Code Injection<= 2.0.2May 30, 2006
- Shell Injection<= 2.0.2May 30, 2006
- Cross Site Scripting (XSS)<= 1.5.2Apr 17, 2006
- Multiple XSS<= 2.0.1Mar 18, 2006
- SQL injection<= 1.5.2Mar 6, 2006
- Multiple XSS<= 2.0.1Mar 3, 2006
- Multiple Vulnerabilities<= 2.0.1Mar 3, 2006
- Cross Site Scripting<= 2.0.0Feb 16, 2006
- Multiple Vulnerabilities<= 1.5.1Dec 21, 2005
- Remote Code Execution<= 1.2Oct 27, 2005
- Multiple XSS vulnerabilities<= 1.5.1.2Jul 1, 2005
- SQL injection<= 1.5.1.2Jul 1, 2005
- Multiple Vulnerabilities #1<= 1.5.1.2Jul 1, 2005
- Multiple Vulnerabilities #2<= 1.5.1.2Jul 1, 2005
- Eval Injection1.3Jun 8, 2005
- SQL injection<= 1.5.1Jun 1, 2005
- SQL injection vulnerability<= 1.5May 20, 2005
- SQL injection vulnerability<= 1.5May 20, 2005
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 1.5Apr 13, 2005
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 1.2Feb 20, 2005
- CRLF (Carriage Return Line Feed) injection<= 1.2Feb 20, 2005