WordPress
N/A
Developer
N/A
Latest version
N/A
Installations
N/A
Last updated
Vulnerability history
1 present
307 patched
4 Mitigation rules
- XML External Entity (XXE) vulnerability<= 6.9.310/03/2026
- Broken Access Control in Notes vulnerability6.9-6.9.310/03/2026
- Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability<= 6.9.110/03/2026
- Server-Side Request Forgery (SSRF) vulnerability6.9-6.9.110/03/2026
- Cross-Site Scripting vulnerability6.9-6.9.110/03/2026
- Stored Cross-Site Scripting6.9-6.9.110/03/2026
- (Author+) Cross Site Scripting (XSS) Vulnerability<= 6.8.222/09/2025
- (Contributor+) Sensitive Data Exposure Vulnerability<= 6.8.222/09/2025
- Contributor+ Path Traversal (Windows Only) vulnerability< 6.5.525/06/2024
- Cross Site Scripting (XSS) via template-part vulnerability< 6.5.525/06/2024
- Contributor+ Stored Cross-Site Scripting via HTML API< 6.5.525/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability<= 6.5.009/04/2024
- Sensitive Information Exposure via redirect_guess_404_permalink vulnerability<= 6.4.305/04/2024
- Auth. (Admin+) PHP File Upload vulnerability< 6.4.331/01/2024
- Cache Poisoning Denial of Service vulnerability< 6.3.213/10/2023
- Contributor+ Stored XSS in Navigation Links Block vulnerability< 6.3.213/10/2023
- Contributor+ Comment Read on Private and Password Protected Post vulnerability< 6.3.213/10/2023
- Reflected Cross-Site Scripting via Application Password Requests< 6.3.213/10/2023
- Sensitive Information Exposure via User Search REST Endpoint< 6.3.213/10/2023
- Auth. (Contributor+) Cross-Site Scripting via Footnotes Block6.3-6.3.113/10/2023
- Auth. (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode< 6.3.213/10/2023
- Unauth. Shortcode Execution vulnerability<= 6.2.122/05/2023
- Insufficient Sanitization of Block Attributes vulnerabilities<= 6.217/05/2023
- Auth. Stored Cross-Site Scripting (XSS) vulnerability<= 6.217/05/2023
- Unauth. Shortcode Execution vulnerability<= 6.217/05/2023
- Unauth. Directory Traversal vulnerability<= 6.217/05/2023
- Cross-Site Request Forgery vulnerability<= 6.217/05/2023
- Unauthenticated Blind Server-Side Request Forgery vulnerability<= 6.6.213/12/2022
- Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- SQL Injection (SQLi) vulnerability<= 6.0.218/10/2022
- Content From Multipart Emails Leak vulnerability<= 6.0.218/10/2022
- Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php<= 6.0.218/10/2022
- Stored Cross-Site Scripting (XSS) vulnerability in Comment editing<= 6.0.218/10/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- Reflected Cross-Site Scripting (XSS) via SQLi vulnerability<= 6.0.218/10/2022
- Sender’s Email Address Exposure vulnerability<= 6.0.218/10/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.218/10/2022
- Data Exposure vulnerability via REST API<= 6.0.218/10/2022
- Open redirect vulnerability<= 6.0.218/10/2022
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 6.0.131/08/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 6.0.131/08/2022
- Authenticated SQL Injection (SQLi) vulnerability via Link API<= 6.0.131/08/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.9.111/03/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.8.206/01/2022
- SQL Injection (SQLi) vulnerability<= 5.8.206/01/2022
- SQL Injection (SQLi) vulnerability<= 5.8.206/01/2022
- Authenticated Object Injection in Multisites<= 5.8.206/01/2022
- Plugin Confusion vulnerability< 5.825/11/2021
- Expired DST Root CA X3 Certificate issue<= 5.8.110/11/2021
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 5.809/09/2021
- Data Exposure via REST API vulnerability<= 5.809/09/2021
- Command injection vulnerability in the Lodash library<= 5.809/09/2021
- Object injection in PHPMailer vulnerability<= 5.7.113/05/2021
- XML External Entity (XXE) vulnerability4.7-5.715/04/2021
- Sensitive Data Exposure vulnerability4.7-5.715/04/2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 5.5.129/10/2020
- Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability<= 5.5.129/10/2020
- Stored Cross-Site Scripting (XSS) in Post Slugs vulnerability<= 5.5.129/10/2020
- Unauthenticated Denial-of-Service (DoS) Attack to Remote Code Execution (RCE) vulnerability<= 5.5.129/10/2020
- XML-RPC Privilege Escalation vulnerability<= 5.5.129/10/2020
- Cross-Site Scripting (XSS) via Global Variables vulnerability<= 5.5.129/10/2020
- Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability<= 5.5.129/10/2020
- Mishandled deserialization requests vulnerability<= 5.5.129/10/2020
- wp_kses_bad_protocol() Colon Bypass vulnerability<= 5.306/01/2020
- Stored Cross-Site Scripting (XSS) vulnerability<= 5.313/12/2019
- Multiple security issues (XSS, SSRF, Cache Poisoning)<= 5.2.315/10/2019
- Cross-Site Scripting (XSS) vulnerability<= 5.2.205/09/2019
- Cross-Site Scripting (XSS) vulnerability3.9-5.113/03/2019
- Authenticated Code Execution vulnerability3.7-5.028/02/2019
- Authenticated File Delete vulnerability<= 5.013/12/2018
- Authenticated Post Type Bypass vulnerability<= 5.013/12/2018
- PHP Object Injection via Meta Data vulnerability<= 5.013/12/2018
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 5.013/12/2018
- Cross-Site Scripting (XSS) vulnerability that could affect plugins<= 5.013/12/2018
- User Activation Screen Search Engine Indexing<= 5.013/12/2018
- File Upload to XSS on Apache Web Servers vulnerability<= 5.013/12/2018
- Arbitrary Code Execution vulnerability<= 4.9.627/06/2018
- Security Misconfiguration with URL Hostnames<= 4.9.405/04/2018
- Use Safe Redirect for Login<= 4.9.405/04/2018
- Stored XSS in Generator Tag<= 4.9.405/04/2018
- Application Denial of Service (DoS) vulnerability<= 4.9.205/02/2018
- Cross-Site Scripting vulnerability<= 4.9.117/01/2018
- Authenticated JavaScript File Upload vulnerability<= 4.901/12/2017
- RSS and Atom Feed Escaping<= 4.929/11/2017
- HTML Language Attribute Escaping<= 4.929/11/2017
- newbloguser Key Bypass<= 4.929/11/2017
- potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries<= 4.8.231/10/2017
- SQL injection (SQLi) vulnerability<= 4.8.119/09/2017
- Cross-Site Scripting (XSS) vulnerability (oEmbed)<= 4.8.119/09/2017
- Cross-Site Scripting (XSS) vulnerability (visual editor)<= 4.8.119/09/2017
- Cross-Site Scripting (XSS) vulnerability (plugin editor)<= 4.8.119/09/2017
- Cross-Site Scripting (XSS) vulnerability (template names)<= 4.8.119/09/2017
- Cross-Site Scripting (XSS) vulnerability (link modal)<= 4.8.119/09/2017
- Path traversal vulnerability (file unzipping code)<= 4.8.119/09/2017
- Path traversal vulnerability (customizer)<= 4.8.119/09/2017
- Open redirect vulnerability (user and term edit screens)<= 4.8.119/09/2017
- Insufficient Redirect Validation vulnerability<= 4.7.417/05/2017
- Post Meta Data Values Improper Handling in XML-RPC API<= 4.7.416/05/2017
- Host Header Injection in Password Reset<= 4.7.403/05/2017
- Path traversal<= 4.5.312/07/2016
- BYPASS #1<= 4.5.223/06/2016
- BYPASS #2<= 4.5.223/06/2016
- BYPASS #3<= 4.5.223/06/2016
- Denial of Service Attacks<= 4.5.223/06/2016
- Session Hijacking<= 4.5.223/06/2016
- XSS #1<= 4.5.223/06/2016
- XSS #2<= 4.5.223/06/2016
- BYPASS #4<= 4.5.223/06/2016
- XSS<= 2.20.907/05/2016
- XSS<= 4.5.107/05/2016
- Service Side Request Forgery<= 4.415/04/2016
- XSS<= 4.4.112/04/2016
- CSRF<= 4.4.112/04/2016
- XSS<= 4.2.125/03/2016
- SSRF<= 4.4.105/02/2016
- Open Redirect<= 4.4.104/02/2016
- Multiple XSS<= 4.4.008/01/2016
- XSS<= 4.3.028/10/2015
- XSS<= 4.2.304/08/2015
- XSS #1<= 4.2.304/08/2015
- XSS #2<= 4.2.304/08/2015
- CSRF<= 4.2.304/08/2015
- Multiple Vulnerabilities<= 4.2.304/08/2015
- BYPASS<= 4.3.002/08/2015
- XSS<= 4.2.223/07/2015
- XSS<= 4.1.128/04/2015
- Multiple XSS<= 4.1.128/04/2015
- Stored XSS<= 4.227/04/2015
- SQL Injection<= 4.2.305/03/2015
- Denial of Service Attacks<= 4.0.101/12/2014
- Multiple Vulnerabilities #1<= 4.0.020/11/2014
- SSRF<= 4.0.020/11/2014
- Multiple Vulnerabilities #2<= 4.0.020/11/2014
- XSS #1<= 4.0.020/11/2014
- XSS #2<= 4.0.020/11/2014
- CSRF<= 4.0.020/11/2014
- XSS #3<= 4.0.020/11/2014
- XSS<= 3.9.220/11/2014
- Denial Of Service Attacks #1<= 3.9.115/08/2014
- Denial Of Service Attacks #2<= 3.9.115/08/2014
- XSS<= 3.9.114/08/2014
- Multiple Vulnerabilities #1<= 3.9.113/08/2014
- Multiple Vulnerabilities #2<= 3.9.113/08/2014
- Unsafe Serialization<= 3.9.113/08/2014
- Information Disclosure<= 3.3.220/01/2014
- Multiple Vulnerabilities<= 3.3.220/01/2014
- Cross Site Scripting<= 3.3.220/01/2014
- Broken Access Control vulnerability<= 3.0.520/01/2014
- Admin+ Access Restriction Bypass vulnerability<= 3.0.020/01/2014
- BYPASS<= 3.0.120/01/2014
- XSS<= 3.0.120/01/2014
- Multiple XSS<= 3.0.120/01/2014
- Spam Restriction Bypass vulnerability<= 3.0.120/01/2014
- Cross Site Request Forgery<= 2.0.1117/12/2013
- Multiple vulnerabilities<= 3.8.103/12/2013
- Privilege Escalation<= 3.8.103/12/2013
- URL Redirect Restriction Bypass<= 3.614/10/2013
- Cross Site Scripting #1<= 3.6.011/09/2013
- Cross Site Scripting #2<= 3.6.011/09/2013
- Privilege Escalation<= 3.6.009/09/2013
- Multiple vulnerabilities<= 3.6.012/06/2013
- Arbitrary Code Execution<= 3.6.012/06/2013
- Full Path Disclosure<= 3.5.119/02/2013
- XXE Injection<= 3.5.119/02/2013
- Multiple Cross Site Scripting<= 3.5.119/02/2013
- Privilege Escalation<= 3.5.119/02/2013
- Multiple SSRF<= 3.5.119/02/2013
- Denial of Service Attacks<= 3.5.119/02/2013
- Cross Site Scripting<= 1.5.406/12/2012
- Multiple Cross Site Scripting<= 3.5.006/12/2012
- SSRF<= 3.5.006/12/2012
- Session Identifier Leakage vulnerability<= 3.4.214/11/2012
- Multiple Path Dislosure Vulnerabilities<= 3.4.218/09/2012
- CSRF<= 3.4.221/08/2012
- Multiple vulnerabilities<= 3.4.121/08/2012
- BYPASS<= 3.4.121/08/2012
- Multiple Vulnerabilities<= 3.4.014/06/2012
- CSRF<= 3.4.014/06/2012
- XSS and BYPASS<= 3.4.114/06/2012
- BYPASS<= 3.0.230/04/2012
- Multiple CSRF Vulnerabilities3.3.127/04/2012
- XSS #1<= 3.3.121/04/2012
- XSS #2<= 3.3.121/04/2012
- BYPASS<= 3.3.121/04/2012
- CSRF and XSS<= 3.3.121/04/2012
- Unspecified vulnerability<= 3.3.121/04/2012
- Multiple Vulnerabilities<= 3.3.125/01/2012
- Multiple XSS<= 3.3.118/01/2012
- SQL injection<= 0.704/01/2012
- PHP remote file inclusion<= 0.7004/01/2012
- Multiple Vulnerabilities<= 3.1.023/12/2011
- Cross Site Scripting<= 3.1.023/12/2011
- Information Disclosure Vulnerability<= 3.0.423/09/2011
- SQL Injection<= 3.1.210/08/2011
- Arbitrary File Upload vulnerability<= 3.1.210/08/2011
- Multiple vulnerabilities<= 3.1.210/08/2011
- Clickjacking Attacks<= 3.1.210/08/2011
- Multiple Unspecified Remote vulnerabilities<= 3.1.210/08/2011
- Unspecified vulnerability #1<= 3.1.210/08/2011
- Unspecified vulnerability #2<= 3.1.210/08/2011
- SQL Injection Vulnerabilities<= 3.1.301/07/2011
- Multiple Security Vulnerabilities<= 3.0.431/01/2011
- Multiple XSS<= 3.0.431/01/2011
- Stored XSS (IE6/7 NS8.1)<= 3.0.329/12/2010
- Multiple XSS<= 3.0.309/12/2010
- SQL Injection<= 3.0.116/11/2010
- Arbitrary Code Execution<= 1.5.1.303/07/2010
- Failure to Restrict URL Access2.9,2.9.113/02/2010
- DoS (0day)<= 2.931/12/2009
- Unrestricted File Upload Arbitrary PHP Code Execution<= 2.8.511/11/2009
- WordPress 2.0 - 2.7.1 - Module Configuration Security Bypass Vulnerability2.0-2.7.110/11/2009
- XSS<= 2.8.505/11/2009
- Algorithmic complexity<= 2.8.409/10/2009
- Multiple Vulnerabilities #2<= 2.8.218/08/2009
- Multiple Vulnerabilities #1<= 2.8.218/08/2009
- BYPASS<= 2.8.213/08/2009
- Remote Cross-Site Scripting Vulnerability2.8.124/07/2009
- Privileges Unchecked in admin.php and Multiple Information<= 2.810/07/2009
- Multiple vulnerabilities<= 2.8.010/07/2009
- Information Disclosure<= 2.7.110/07/2009
- Multiple Existing/Non-Existing Username Enumeration Weaknesses<= 2.8.005/07/2009
- Denial Of Service Attacks<= 2.6.928/04/2009
- Open Redirection<= 2.6.928/04/2009
- Remote Code Execution<= 1.3.119/12/2008
- Cross Site Request Forgery<= 2.6.317/11/2008
- Directory Traversal<= 2.3.327/10/2008
- SQL Truncation Vulnerability #1<= 2.6.115/09/2008
- SQL Truncation Vulnerability #2<= 2.6.115/09/2008
- Multiple vulnerabilities<= 2.6.020/08/2008
- XSS<= 2.518/07/2008
- Unrestricted file upload<= 2.5.121/05/2008
- BYPASS<= 2.2.212/05/2008
- XSS<= 2.502/05/2008
- Cookie Integrity Protection Vulnerability<= 2.523/04/2008
- Multiple XSS vulnerabilities<= 2.3.212/03/2008
- Unauthorized Access Vulnerability<= 2.3.207/02/2008
- Multiple Directory Traversal<= 2.0.1109/01/2008
- Multiple Vulnerabilities<= 2.0.1109/01/2008
- Directory Traversal<= 2.0.309/01/2008
- XSS<= 2.0.1109/01/2008
- Multiple XSS<= 2.0.909/01/2008
- SQL Injection<= 2.3.909/01/2008
- SQL Injection<= 2.3.111/12/2007
- Cookie Authentication Vulnerability<= 2.3.119/11/2007
- XSS<= 2.330/10/2007
- Cross Site Scripting<= 2.026/09/2007
- XSS<= 2.0.126/09/2007
- Multiple SQL Injection<= 2.2.314/09/2007
- XSS<= 2.2.314/09/2007
- SQL Injection<= 2.2.103/08/2007
- Multiple XSS<= 2.2.103/08/2007
- XSS<= 2.2.102/08/2007
- Multiple vulnerabilities<= 2.2.109/07/2007
- Arbitrary File Upload<= 2.2.103/07/2007
- Arbitrary File Upload<= 2.2.003/07/2007
- SQL Injection<= 2.208/06/2007
- SQL Injection<= 2.122/05/2007
- Cross Site Scripting<= 1.011/05/2007
- SQL Injection vulnerability<= 2.1.209/04/2007
- XSS<= 2.0.1009/04/2007
- Security BYPASS<= 2.1.209/04/2007
- Cross Site Scripting<= 2.1.228/03/2007
- XSS<= 2.1.2 RC222/03/2007
- Redirection Vulnerability<= 1.022/03/2007
- Sensitive Directory Exposure<= 2.1.210/03/2007
- Multiple Vulnerabilities<= 2.1.105/03/2007
- Multiple XSS<= 2.1.102/03/2007
- XSS<= 2.1.021/02/2007
- Multiple Vulnerabilities<= 1.4.529/01/2007
- Denial of Service Attacks<= 2.129/01/2007
- Denial of Service Attacks<= 2.029/01/2007
- Full Path disclosure<= 2.0.616/01/2007
- SQL Injection vulnerability<= 2.0.612/01/2007
- Dictionnary & Bruteforce attack<= 2.0.508/01/2007
- SQL Injection<= 2.0.508/01/2007
- XSS<= 2.0.508/01/2007
- Cross Site Scripting<= 2.0.528/12/2006
- Denial of Service Attacks<= 2.0.421/11/2006
- Multiple vulnerabilities<= 2.0.421/11/2006
- Multiple Directory Traversal<= 2.0.403/11/2006
- Multiple vulnerabilities #1<= 2.0.513/09/2006
- Multiple Vulnerabilities<= 2.0.309/08/2006
- Full Path Disclosure<= 2.0.306/07/2006
- Direct Static Code Injection<= 2.0.230/05/2006
- Shell Injection<= 2.0.230/05/2006
- Cross Site Scripting (XSS)<= 1.5.217/04/2006
- Multiple XSS<= 2.0.118/03/2006
- SQL injection<= 1.5.206/03/2006
- Multiple XSS<= 2.0.103/03/2006
- Multiple Vulnerabilities<= 2.0.103/03/2006
- Cross Site Scripting<= 2.0.016/02/2006
- Multiple Vulnerabilities<= 1.5.121/12/2005
- Remote Code Execution<= 1.227/10/2005
- Multiple XSS vulnerabilities<= 1.5.1.201/07/2005
- SQL injection<= 1.5.1.201/07/2005
- Multiple Vulnerabilities #1<= 1.5.1.201/07/2005
- Multiple Vulnerabilities #2<= 1.5.1.201/07/2005
- Eval Injection1.308/06/2005
- SQL injection<= 1.5.101/06/2005
- SQL injection vulnerability<= 1.520/05/2005
- SQL injection vulnerability<= 1.520/05/2005
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 1.513/04/2005
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 1.220/02/2005
- CRLF (Carriage Return Line Feed) injection<= 1.220/02/2005