wordpress
412 tracked vulnerabilities.
CVE-2020-11029
MEDIUM
WordPress - Cross-Site Scripting
Apr 30, 2020
CVSS 5.8
EPSS 0.03
CVE-2020-11028
MEDIUM
WordPress < 5.4.1 - Unauthenticated Private Post Disclosure
Apr 30, 2020
CVSS 5.8
EPSS 0.01
CVE-2020-11027
MEDIUM
WordPress <5.4.1 - Info Disclosure
Apr 30, 2020
CVSS 6.1
EPSS 0.43
CVE-2020-11026
HIGH
WordPress <5.4.1 - Authenticated RCE
Apr 30, 2020
CVSS 8.7
EPSS 0.04
CVE-2020-11025
MEDIUM
WordPress 4.7-5.4.1 - Authenticated Stored Cross-Site Scripting in Customizer Navigation
Apr 30, 2020
CVSS 5.8
EPSS 0.01
CVE-2019-20043
MEDIUM
WordPress 3.7-5.3.0 - Authenticated Privilege Escalation via REST API Sticky Post Manipulation
Dec 27, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-20042
MEDIUM
WordPress 3.7-5.3.0 - Stored Cross-Site Scripting via wp_targeted_link_rel()
Dec 27, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-20041
CRITICAL
WordPress < 5.3.1 - Input Validation Bypass via HTML5 Colon Named Entity
Dec 27, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-16781
MEDIUM
WordPress <5.3.1 - Authenticated XSS
Dec 26, 2019
CVSS 5.8
EPSS 0.03
CVE-2019-16780
MEDIUM
WordPress 3.7-5.3 - Authenticated Stored Cross-Site Scripting in Block Editor
Dec 26, 2019
CVSS 5.8
EPSS 0.04
CVE-2019-17675
HIGH
WordPress < 5.2.4 - Cross-Site Request Forgery via Type Confusion in Admin Referer Validation
Oct 17, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-17674
MEDIUM
WordPress < 5.2.4 - Stored Cross-Site Scripting via Customizer
Oct 17, 2019
CVSS 5.4
EPSS 0.02
CVE-2019-17673
HIGH
WordPress < 5.2.4 - Cache Poisoning via JSON GET Requests
Oct 17, 2019
CVSS 7.5
EPSS 0.04
CVE-2019-17672
MEDIUM
WordPress < 5.2.4 - Stored Cross-Site Scripting via STYLE Element Injection
Oct 17, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-17671
MEDIUM
NUCLEI
WordPress < 5.2.4 - Unauthenticated Exposure of Sensitive Information via Static Query Property
Oct 17, 2019
CVSS 5.3
EPSS 0.80
CVE-2019-17670
CRITICAL
WordPress < 5.2.4 - Server-Side Request Forgery via Windows Path Validation Bypass
Oct 17, 2019
CVSS 9.8
EPSS 0.06
CVE-2019-17669
CRITICAL
WordPress < 5.2.4 - Server-Side Request Forgery via Hex-Encoded URL
Oct 17, 2019
CVSS 9.8
EPSS 0.08
CVE-2019-16223
MEDIUM
WordPress < 5.2.3 - Authenticated Cross-Site Scripting in Post Preview
Sep 11, 2019
CVSS 5.4
EPSS 0.04
CVE-2019-16222
MEDIUM
WordPress < 5.2.3 - Cross-Site Scripting via URL Sanitization in wp_kses_bad_protocol_once
Sep 11, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-16221
MEDIUM
WordPress < 5.2.3 - Reflected Cross-Site Scripting in Dashboard
Sep 11, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-16220
MEDIUM
WordPress < 5.2.3 - Open Redirect via wp_validate_redirect URL Path
Sep 11, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-16219
MEDIUM
WordPress < 5.2.3 - Cross-Site Scripting in Shortcode Previews
Sep 11, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-16218
MEDIUM
WordPress < 5.2.3 - Stored Cross-Site Scripting in Comments
Sep 11, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-16217
MEDIUM
WordPress < 5.2.3 - Cross-Site Scripting via Media Upload Handling
Sep 11, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-9787
HIGH
WordPress < 5.1.1 - Unauthenticated Remote Code Execution via CSRF and XSS in Comment Handling
Mar 14, 2019
CVSS 8.8
EPSS 0.81
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1