wordpress
412 tracked vulnerabilities.
CVE-2021-39203
MEDIUM
WordPress 5.8 beta - Authenticated Exposure of Sensitive Information via Block Editor
Sep 09, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-39202
HIGH
WordPress 5.8 beta 1 - Stored Cross-Site Scripting in Custom HTML Widget
Sep 09, 2021
CVSS 7.6
EPSS 0.01
CVE-2021-39201
HIGH
WordPress 5.0-5.7 - Authenticated Stored Cross-Site Scripting in Editor
Sep 09, 2021
CVSS 7.6
EPSS 0.00
CVE-2021-39200
MEDIUM
WordPress 5.2-5.8 - Exposure of Sensitive Information via wp_die() Function
Sep 09, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-29476
CRITICAL
Requests 1.6.0-1.7.0 - Deserialization of Untrusted Data in FilteredIterator
Apr 27, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-29450
MEDIUM
WordPress 4.7-5.7 - Authenticated Exposure of Sensitive Information via Editor Block
Apr 15, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-29447
HIGH
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Apr 15, 2021
CVSS 7.1
EPSS 0.90
CVE-2020-37233
MEDIUM
WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting
May 16, 2026
CVSS 6.4
EPSS 0.00
CVE-2020-36326
CRITICAL
PHPMailer 6.1.8-6.4.0 - Object Injection via addAttachment UNC Pathname
Apr 28, 2021
CVSS 9.8
EPSS 0.00
CVE-2020-28040
MEDIUM
WordPress < 5.5.2 - Cross-Site Request Forgery via Theme Background Image Change
Nov 02, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-28039
CRITICAL
WordPress < 5.5.2 - Arbitrary File Deletion via Improper Meta Key Protection
Nov 02, 2020
CVSS 9.1
EPSS 0.06
CVE-2020-28038
MEDIUM
WordPress < 5.5.2 - Stored Cross-Site Scripting via Post Slugs
Nov 02, 2020
CVSS 6.1
EPSS 0.18
CVE-2020-28037
CRITICAL
WordPress < 5.5.2 - Remote Code Execution via Improper Installation Check
Nov 02, 2020
CVSS 9.8
EPSS 0.14
CVE-2020-28036
CRITICAL
WordPress < 5.5.2 - Missing Authorization via XML-RPC Comment
Nov 02, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-28035
CRITICAL
WordPress <5.5.2 - Privilege Escalation
Nov 02, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-28034
MEDIUM
WordPress < 5.5.2 - Cross-Site Scripting via Global Variables
Nov 02, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-28033
HIGH
WordPress < 5.5.2 - Unauthenticated Spam Embed via Disabled Site Bypass
Nov 02, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-28032
CRITICAL
WordPress < 5.5.2 - Deserialization of Untrusted Data in FilteredIterator
Nov 02, 2020
CVSS 9.8
EPSS 0.28
CVE-2020-25286
MEDIUM
WordPress < 5.4.2 - Unprotected Comment Exposure via Comment Template
Sep 13, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-4050
LOW
WordPress 3.7-5.4.1 - Arbitrary User Meta Field Injection via set-screen-option Filter Misuse
Jun 12, 2020
CVSS 3.5
EPSS 0.02
CVE-2020-4049
LOW
WordPress 3.7-5.4.1 - Stored Cross-Site Scripting via Theme Folder Name
Jun 12, 2020
CVSS 2.4
EPSS 0.06
CVE-2020-4048
MEDIUM
WordPress 3.7-3.7.33 - Open Redirect via URL Sanitization Issue
Jun 12, 2020
CVSS 5.7
EPSS 0.04
CVE-2020-4047
MEDIUM
WordPress 3.7-5.4.1 - Authenticated Stored Cross-Site Scripting via Media File Attachment
Jun 12, 2020
CVSS 6.8
EPSS 0.06
CVE-2020-4046
MEDIUM
WordPress 3.7-5.4.1 - Authenticated Stored Cross-Site Scripting via Embed Block
Jun 12, 2020
CVSS 5.4
EPSS 0.07
CVE-2020-11030
MEDIUM
WordPress <5.4.1 - Authenticated RCE
Apr 30, 2020
CVSS 6.4
EPSS 0.01
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1