API Monitor free

WordPress

The WordPress core.

WordPress logo

WordPress

Authenticated CrossSite Scripting (XSS) vulnerability

<= 6.0.1

4.9

31.08.2022

Authenticated Stored CrossSite Scripting (XSS) vulnerability

<= 6.0.1

4.9

31.08.2022

Authenticated SQL Injection (SQLi) vulnerability via Link API

<= 6.0.1

7.7

31.08.2022

Stored CrossSite Scripting (XSS) vulnerability

<= 5.9.1

5.4

11.03.2022

Stored CrossSite Scripting (XSS) vulnerability

<= 5.8.2

7.6

06.01.2022

SQL Injection (SQLi) vulnerability

<= 5.8.2

8

06.01.2022

SQL Injection (SQLi) vulnerability

<= 5.8.2

7.4

06.01.2022

Authenticated Object Injection in Multisites

<= 5.8.2

6.6

06.01.2022

Plugin Confusion vulnerability

< 5.8

8.1

25.11.2021

Expired DST Root CA X3 Certificate issue

<= 5.8.1

0

10.11.2021

Authenticated CrossSite Scripting (XSS) vulnerability

<= 5.8

7.6

09.09.2021

Data Exposure via REST API vulnerability

<= 5.8

5.3

09.09.2021

Command injection vulnerability in the Lodash library

<= 5.8

7.2

09.09.2021

Object injection in PHPMailer vulnerability

<= 5.7.1

9.8

13.05.2021

5.7 XML External Entity (XXE) vulnerability

4.7-5.7

6.5

15.04.2021

5.7 Sensitive Data Exposure vulnerability

4.7-5.7

5.3

15.04.2021

CrossSite Request Forgery (CSRF) vulnerability

<= 5.5.1

Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability

<= 5.5.1

Stored CrossSite Scripting (XSS) in Post Slugs vulnerability

<= 5.5.1

Unauthenticated DenialofService (DoS) Attack to Remote Code Execution (RCE) vulnerability

<= 5.5.1

XMLRPC Privilege Escalation vulnerability

<= 5.5.1

CrossSite Scripting (XSS) via Global Variables vulnerability

<= 5.5.1

Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability

<= 5.5.1

Mishandled deserialization requests vulnerability

<= 5.5.1

wp_kses_bad_protocol() Colon Bypass vulnerability

<= 5.3

Stored CrossSite Scripting (XSS) vulnerability

<= 5.3

Multiple security issues (XSS, SSRF, Cache Poisoning)

<= 5.2.3

CrossSite Scripting (XSS) vulnerability

<= 5.2.2

5.1 CrossSite Scripting (XSS) vulnerability

3.9-5.1

5.0 (except 4.9.9) Authenticated Code Execution vulnerability

3.7-5.0

8.8

28.02.2019

Authenticated File Delete vulnerability

<= 5.0

Authenticated Post Type Bypass vulnerability

<= 5.0

PHP Object Injection via Meta Data vulnerability

<= 5.0

Authenticated CrossSite Scripting (XSS) vulnerability

<= 5.0

CrossSite Scripting (XSS) vulnerability that could affect plugins

<= 5.0

User Activation Screen Search Engine Indexing

<= 5.0

File Upload to XSS on Apache Web Servers vulnerability

<= 5.0

Arbitrary Code Execution vulnerability

<= 4.9.6

Vulnerable due to "localhost" default parameter

<= 4.9.4

Use Safe Redirect for Login

<= 4.9.4

Escape Version in Generator Tag

<= 4.9.4

Application Denial of Service (DoS) vulnerability

<= 4.9.2

4.9.1 CrossSite Scripting vulnerability

<= 4.9.1

Authenticated JavaScript File Upload vulnerability

<= 4.9

4.9 RSS and Atom Feed Escaping

<= 4.9

4.9 HTML Language Attribute Escaping

<= 4.9

4.9 newbloguser Key Bypass

<= 4.9

potential SQL injection (SQLi), $wpdb>prepare() issue, possible unsafe queries

<= 4.8.2

SQL injection (SQLi) vulnerability

<= 4.8.1

CrossSite Scripting (XSS) vulnerability (oEmbed)

<= 4.8.1

CrossSite Scripting (XSS) vulnerability (visual editor)

<= 4.8.1

CrossSite Scripting (XSS) vulnerability (plugin editor)

<= 4.8.1

CrossSite Scripting (XSS) vulnerability (template names)

<= 4.8.1

CrossSite Scripting (XSS) vulnerability (link modal)

<= 4.8.1

Path traversal vulnerability (file unzipping code)

<= 4.8.1

Path traversal vulnerability (customizer)

<= 4.8.1

Open redirect vulnerability (user and term edit screens)

<= 4.8.1

Insufficient Redirect Validation vulnerability

<= 4.7.4

Post Meta Data Values Improper Handling in XMLRPC API

<= 4.7.4

Host Header Injection in Password Reset

<= 4.7.4

Path traversal

<= 4.5.3

BYPASS #1

<= 4.5.2

BYPASS #2

<= 4.5.2

BYPASS #3

<= 4.5.2

Denial of Service Attacks

<= 4.5.2

Session Hijacking

<= 4.5.2

XSS #1

<= 4.5.2

XSS #2

<= 4.5.2

BYPASS #4

<= 4.5.2

XSS

<= 2.20.9

XSS

<= 4.5.1

Service Side Request Forgery

<= 4.4

XSS

<= 4.4.1

CSRF

<= 4.4.1

XSS

<= 4.2.1

SSRF

<= 4.4.1

Open Redirect

<= 4.4.1

Multiple XSS

<= 4.4.0

XSS

<= 4.3.0

XSS #1

<= 4.2.3

XSS #2

<= 4.2.3

CSRF

<= 4.2.3

Multiple Vulnerabilities

<= 4.2.3

BYPASS

<= 4.3.0

XSS

<= 4.2.2

XSS

<= 4.1.1

Multiple XSS

<= 4.1.1

Stored XSS

<= 4.2

SQL Injection

<= 4.2.3

Denial of Service Attacks

<= 4.0.1

Multiple Vulnerabilities #1

<= 4.0.0

SSRF

<= 4.0.0

Multiple Vulnerabilities #2

<= 4.0.0

XSS #1

<= 4.0.0

XSS #2

<= 4.0.0

CSRF

<= 4.0.0

XSS #3

<= 4.0.0

XSS

<= 3.9.2

Denial Of Service Attacks #1

<= 3.9.1

Denial Of Service Attacks #2

<= 3.9.1

XSS

<= 3.9.1

Multiple Vulnerabilities #1

<= 3.9.1

Multiple Vulnerabilities #2

<= 3.9.1

Unsafe Serialization

<= 3.9.1

Information Disclosure

<= 3.3.2

Multiple Vulnerabilities

<= 3.3.2

Cross Site Scripting

<= 3.3.2

<= 3.0.5

<= 3.0.0

BYPASS

<= 3.0.1

XSS

<= 3.0.1

Multiple XSS

<= 3.0.1

<= 3.0.1

Cross Site Request Forgery

<= 2.0.11

Multiple vulnerabilities

<= 3.8.1

Privilege Escalation

<= 3.8.1

URL Redirect Restriction Bypass

<= 3.6

Cross Site Scripting #1

<= 3.6.0

Cross Site Scripting #2

<= 3.6.0

Privilege Escalation

<= 3.6.0

Multiple vulnerabilities

<= 3.6.0

Arbitrary Code Execution

<= 3.6.0

Full Path Disclosure

<= 3.5.1

Full Path Disclosure

<= 3.5.1

External Entity Injection

<= 3.5.1

Multiple Cross Site Scripting

<= 3.5.1

Privilege Escalation

<= 3.5.1

Multiple SSRF

<= 3.5.1

Denial of Service Attacks

<= 3.5.1

Cross Site Scripting

<= 1.5.4

Multiple Cross Site Scripting

<= 3.5.0

SSRF

<= 3.5.1

<= 3.4.2

Multiple Path Dislosure Vulnerabilities

<= 3.4.2

CSRF

<= 3.4.2

Multiple vulnerabilities

<= 3.4.1

BYPASS

<= 3.4.1

Multiple Vulnerabilities

<= 3.4.0

CSRF

<= 3.4.0

XSS and BYPASS

<= 3.4.1

BYPASS

<= 3.0.2

Multiple CSRF Vulnerabilities

3.3.1

XSS #1

<= 3.3.1

XSS #2

<= 3.3.1

BYPASS

<= 3.3.1

CSRF and XSS

<= 3.3.1

Unspecified vulnerability

<= 3.3.1

Multiple Vulnerabilities

<= 3.3.1

Multiple XSS

<= 3.3.1

SQL injection

<= 0.7

PHP remote file inclusion

<= 0.70

Multiple Vulnerabilities

<= 3.1.0

Cross Site Scripting

<= 3.1.0

Information Disclosure Vulnerability

<= 3.0.4

SQL Injection

<= 3.1.2

Arbitrary File Upload vulnerability

<= 3.1.2

Multiple vulnerabilities

<= 3.1.2

Clickjacking Attacks

<= 3.1.2

Multiple Unspecified Remote vulnerabilities

<= 3.1.2

Unspecified vulnerability #1

<= 3.1.2

Unspecified vulnerability #2

<= 3.1.2

SQL Injection Vulnerabilities

<= 3.1.3

Multiple Security Vulnerabilities

<= 3.0.4

Multiple XSS

<= 3.0.4

Stored XSS (IE6/7 NS8.1)

<= 3.0.3

Multiple XSS

<= 3.0.3

SQL Injection

<= 3.0.1

Arbitrary Code Execution

<= 1.5.1.3

Failure to Restrict URL Access

2.9,2.9.1

DoS (0day)

<= 2.9

Unrestricted File Upload Arbitrary PHP Code Execution

<= 2.8.5

2.7.1 Module Configuration Security Bypass Vulnerability

2.0-2.7.1

XSS

<= 2.8.5

Algorithmic complexity

<= 2.8.4

Multiple Vulnerabilities #2

<= 2.8.2

Multiple Vulnerabilities #1

<= 2.8.2

BYPASS

<= 2.8.2

Remote CrossSite Scripting Vulnerability

2.8.1

Privileges Unchecked in admin.php and Multiple Information

<= 2.8

Multiple vulnerabilities

<= 2.8.0

Information Disclosure

<= 2.7.1

Multiple Existing/NonExisting Username Enumeration Weaknesses

<= 2.8.0

Denial Of Service Attacks

<= 2.6.9

Open Redirection

<= 2.6.9

Remote Code Execution

<= 1.3.1

Cross Site Request Forgery

<= 2.6.3

Directory Traversal

<= 2.3.3

SQL Truncation Vulnerability #1

<= 2.6.1

SQL Truncation Vulnerability #2

<= 2.6.1

Multiple vulnerabilities

<= 2.6.0

XSS

<= 2.5

Unrestricted file upload

<= 2.5.1

BYPASS

<= 2.2.2

XSS

<= 2.5

Cookie Integrity Protection Vulnerability

<= 2.5

Multiple XSS vulnerabilities

<= 2.3.2

Unauthorized Access Vulnerability

<= 2.3.2

Multiple Directory Traversal

<= 2.0.11

Multiple Vulnerabilities

<= 2.0.11

Directory Traversal

<= 2.0.3

XSS

<= 2.0.11

Multiple XSS

<= 2.0.9

SQL Injection

<= 2.3.9

SQL Injection

<= 2.3.1

Cookie Authentication Vulnerability

<= 2.3.1

XSS

<= 2.3

Cross Site Scripting

<= 2.0

XSS

<= 2.0.1

Multiple SQL Injection

<= 2.2.3

XSS

<= 2.2.3

SQL Injection

<= 2.2.1

Multiple XSS

<= 2.2.1

XSS

<= 2.2.1

Multiple vulnerabilities

<= 2.2.1

Arbitrary File Upload

<= 2.2.1

Arbitrary File Upload

<= 2.2.0

SQL Injection

<= 2.2

SQL Injection

<= 2.1

Cross Site Scripting

<= 1.0

SQL Injection vulnerability

<= 2.1.2

XSS

<= 2.0.10

Security BYPASS

<= 2.1.2

Cross Site Scripting

<= 2.1.2

XSS

<= 2.1.2 RC2

Redirection Vulnerability

<= 1.0

Sensitive Directory Exposure

<= 2.1.2

Multiple Vulnerabilities

<= 2.1.1

Multiple XSS

<= 2.1.1

XSS

<= 2.1.0

Multiple Vulnerabilities

<= 1.4.5

Denial of Service Attacks

<= 2.1

Denial of Service Attacks

<= 2.0

Full Path disclosure

<= 2.0.6

SQL Injection vulnerability

<= 2.0.6

Dictionnary & Bruteforce attack

<= 2.0.5

SQL Injection

<= 2.0.5

XSS

<= 2.0.5

Cross Site Scripting

<= 2.0.5

Denial of Service Attacks

<= 2.0.4

Multiple vulnerabilities

<= 2.0.4

Multiple Directory Traversal

<= 2.0.4

Multiple vulnerabilities #1

<= 2.0.5

Multiple Vulnerabilities

<= 2.0.3

Full Path Disclosure

<= 2.0.3

Direct Static Code Injection

<= 2.0.2

Shell Injection

<= 2.0.2

Cross Site Scripting (XSS)

<= 1.5.2

Multiple XSS

<= 2.0.1

SQL injection

<= 1.5.2

Multiple XSS

<= 2.0.1

Multiple Vulnerabilities

<= 2.0.1

Cross Site Scripting

<= 2.0.0

Multiple Vulnerabilities

<= 1.5.1

Remote Code Execution

<= 1.2

Multiple XSS vulnerabilities

<= 1.5.1.2

SQL injection

<= 1.5.1.2

Multiple Vulnerabilities #1

<= 1.5.1.2

Multiple Vulnerabilities #2

<= 1.5.1.2

Eval Injection

1.3

SQL injection

<= 1.5.1

SQL injection vulnerability

<= 1.5

SQL injection vulnerability

<= 1.5

Multiple CrossSite Scripting (XSS) vulnerabilities

<= 1.5

Multiple CrossSite Scripting (XSS) vulnerabilities

<= 1.2

CRLF (Carriage Return Line Feed) injection

<= 1.2

Submit vulnerabilities and become a verified Alliance member

Learn more

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close