wordpress
412 tracked vulnerabilities.
CVE-2025-58674
MEDIUM
WordPress 4.7-6.8.2 - Authenticated Stored Cross-Site Scripting
Sep 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-58246
MEDIUM
WordPress <6.8.2-6.6.3 - Info Disclosure
Sep 23, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-54352
LOW
WordPress 3.5-6.8.2 - Unauthenticated Private Post Title Exposure via Pingback XML-RPC Requests
Jul 21, 2025
CVSS 3.7
EPSS 0.00
CVE-2024-8914
HIGH
Wordpress Thanh Toan Quet MA QR Code TU Dong < 2.0.1 - XSS
Sep 25, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-4439
HIGH
NUCLEI
WordPress 6.0-6.5.2 - Stored Cross-Site Scripting via Avatar Block Display Name
May 03, 2024
CVSS 7.2
EPSS 0.91
CVE-2024-31211
MEDIUM
WordPress 6.4.0-6.4.1 - Remote Code Execution via WP_HTML_Token Unserialization
Apr 04, 2024
CVSS 5.5
EPSS 0.40
CVE-2024-31210
HIGH
WordPress < 4.1.40 - Authenticated Remote Code Execution via Plugin Upload
Apr 04, 2024
CVSS 7.6
EPSS 0.01
CVE-2023-54333
HIGH
Social-Share-Buttons 2.2.3 - SQL Injection
Jan 13, 2026
CVSS 8.2
EPSS 0.00
CVE-2023-5561
MEDIUM
NUCLEI
WordPress 4.7-4.7.26 - Unauthenticated Email Address Disclosure via REST API Oracle Attack
Oct 16, 2023
CVSS 5.3
EPSS 0.53
CVE-2023-39999
MEDIUM
WordPress 4.1-6.3.1 - Exposure of Sensitive Information to an Unauthorized Actor
Oct 13, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-38000
MEDIUM
WordPress 5.9-6.3.1 & Gutenberg <16.8.0 - Authenticated Stored XSS
Oct 13, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-2745
MEDIUM
NUCLEI
WordPress < 6.2 - Unauthenticated Directory Traversal via wp_lang Parameter
May 17, 2023
CVSS 5.4
EPSS 0.79
CVE-2023-22622
MEDIUM
WordPress < 6.1.1 - Unpredictable Security Update Execution via wp-cron.php
Jan 05, 2023
CVSS 5.3
EPSS 0.08
CVE-2022-4973
MEDIUM
WordPress < 6.0.2 - Authenticated Stored Cross-Site Scripting via the_meta() Function
Oct 16, 2024
CVSS 4.9
EPSS 0.01
CVE-2022-47174
MEDIUM
WordPress Performance Team Performance Lab <2.2.0 - CSRF
May 25, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-47161
MEDIUM
WordPress.Org community Health Check & Troubleshooting <1.5.1 - CSRF
May 25, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-3590
MEDIUM
NUCLEI
WordPress 4.2-6.1.1 - Unauthenticated Blind SSRF via Pingback TOCTOU Race Condition
Dec 14, 2022
CVSS 5.9
EPSS 0.90
CVE-2022-43504
MEDIUM
WordPress < 3.7.40 - Unauthenticated Email Address Exposure via Post by Email Feature
Dec 05, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-43500
MEDIUM
WordPress < 3.7.40 - Unauthenticated Cross-Site Scripting
Dec 05, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-43497
MEDIUM
WordPress < 3.7.40 - Unauthenticated Cross-Site Scripting
Dec 05, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-21664
HIGH
WordPress < 5.8.3 - SQL Injection
Jan 06, 2022
CVSS 7.4
EPSS 0.04
CVE-2022-21663
MEDIUM
WordPress < 5.8.3 - Authenticated Object Injection via Multisite Super Admin Role
Jan 06, 2022
CVSS 6.6
EPSS 0.00
CVE-2022-21662
HIGH
WordPress < 5.8.3 - Authenticated Stored Cross-Site Scripting
Jan 06, 2022
CVSS 8.0
EPSS 0.14
CVE-2022-21661
HIGH
NUCLEI
WordPress 3.7-3.7.36 - SQL Injection via WP_Query
Jan 06, 2022
CVSS 8.0
EPSS 0.90
CVE-2021-44223
HIGH
WordPress < 5.8 - Remote Code Execution via Plugin Update URI Spoofing
Nov 25, 2021
CVSS 8.1
EPSS 0.27
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1