Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / wordpress

wordpress

412 tracked vulnerabilities.

CVE-2019-8943 MEDIUM NUCLEI

WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename

CVE-2019-8942 HIGH

WordPress < 4.9.9 and 5.x < 5.0.1 - Authenticated Remote Code Execution via Image Metadata

CVE-2018-20153 MEDIUM

WordPress < 4.9.9 and 5.x < 5.0.1 - Cross-Site Scripting via Comment Modification

CVE-2018-20152 MEDIUM

WordPress <4.9.9 & <5.0.1 - Auth Bypass

CVE-2018-20151 HIGH

WordPress <4.9.9, 5.x <5.0.1 - Info Disclosure

CVE-2018-20150 MEDIUM

WordPress <4.9.9 & 5.x <5.0.1 - XSS

CVE-2018-20149 MEDIUM

WordPress < 4.9.9 and 5.x < 5.0.1 - Cross-Site Scripting via Crafted File Upload

CVE-2018-20148 CRITICAL

WordPress <4.9.9, 5.x <5.0.1 - Code Injection

CVE-2018-20147 MEDIUM

WordPress <4.9.9 & <5.0.1 - Auth Bypass

CVE-2018-19296 HIGH

PHPMailer <5.2.27, <6.0.6 - Code Injection

CVE-2018-1000773 HIGH

WordPress < 4.9.8 - Authenticated Remote Code Execution via Thumbnail Processing

CVE-2018-14028 HIGH

WordPress 4.9.7 - Authenticated Unrestricted PHP File Upload via Plugin Uploader

CVE-2018-12895 HIGH

WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion via Post Thumbnail Parameter

CVE-2018-10102 MEDIUM

WordPress < 4.9.5 - Cross-Site Scripting via Generator Tag

CVE-2018-10101 MEDIUM

WordPress < 4.9.5 - Open Redirect via Localhost URL Validation

CVE-2018-10100 MEDIUM

WordPress < 4.9.5 - Open Redirect via Login Page HTTPS Redirection

CVE-2018-6389 HIGH

WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading

CVE-2018-5776 MEDIUM

WordPress < 4.9.2 - Cross-Site Scripting in MediaElement Flash Fallback Files

CVE-2017-6514 MEDIUM

WordPress 4.7.2 - Path Disclosure via OEmbed Endpoint

CVE-2017-1000600 HIGH

WordPress < 4.9 - Authenticated Remote Code Execution via Thumbnail Processing

CVE-2017-17094 MEDIUM

WordPress < 4.9.1 - Cross-Site Scripting via RSS and Atom Feed Enclosures

CVE-2017-17093 MEDIUM

WordPress < 4.9.1 - Cross-Site Scripting via Lang Attribute

CVE-2017-17092 MEDIUM NUCLEI

WordPress < 4.9.1 - Authenticated JavaScript File Upload

CVE-2017-17091 HIGH

WordPress < 4.9.1 - Use of Insufficiently Random Values in User ID Key Generation

CVE-2017-16510 CRITICAL

WordPress < 4.8.3 - SQL Injection via Double Prepare Approach

Previous Page 4 of 17 Next

Products

wordpress 353 wordpress_mu 10 WordPress 3 sniplets_plugin 3 blix 2 math_comment_spam_protection_plugin 2 pay-with-tweet 2 wassup_plugin 2 Buddypress 1 Social-Share-Buttons 1 adserve 1 alert_before_you_post 1 blixed 1 blixkrieg 1 blogger_importer 1 captcha 1 cryptographp 1 dean_logan_wp-people_plugin 1 debug_bar 1 download_monitor_plugin 1 fcchat_widget 1 filemanager 1 gutenberg 1 health_check_\&_troubleshooting 1 lanoba_social_plugin 1 page_flip_image_gallery_plugin 1 performance_lab 1 permalinks_migration_plugin 1 peter\'s_math_anti-spam_for_wordpress 1 photo_album_plugin 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy