wordpress
412 tracked vulnerabilities.
CVE-2017-14990
MEDIUM
WordPress 4.8.2 - Cleartext Storage of Sensitive Information in wp_signups.activation_key
Oct 03, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-14726
MEDIUM
WordPress < 4.8.2 - Cross-Site Scripting via TinyMCE Shortcode Handling
Sep 23, 2017
CVSS 6.1
EPSS 0.06
CVE-2017-14725
MEDIUM
NUCLEI
WordPress < 4.8.2 - Authenticated Open Redirect
Sep 23, 2017
CVSS 5.4
EPSS 0.04
CVE-2017-14724
MEDIUM
WordPress < 4.8.2 - Cross-Site Scripting in oEmbed Discovery
Sep 23, 2017
CVSS 6.1
EPSS 0.08
CVE-2017-14723
CRITICAL
WordPress < 4.8.2 - SQL Injection via $wpdb->prepare Placeholder Mishandling
Sep 23, 2017
CVSS 9.8
EPSS 0.10
CVE-2017-14722
HIGH
WordPress < 4.8.2 - Path Traversal via Customizer Theme Filename
Sep 23, 2017
CVSS 7.5
EPSS 0.31
CVE-2017-14721
MEDIUM
WordPress < 4.8.2 - Stored Cross-Site Scripting via Plugin Editor
Sep 23, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-14720
MEDIUM
WordPress < 4.8.2 - Stored Cross-Site Scripting via Template Name
Sep 23, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-14719
HIGH
WordPress < 4.8.2 - Path Traversal via Unzip Operations
Sep 23, 2017
CVSS 7.5
EPSS 0.51
CVE-2017-14718
MEDIUM
WordPress < 4.8.2 - Cross-Site Scripting via Link Modal URL Parameter
Sep 23, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-9066
HIGH
WordPress < 4.7.4 - Server-Side Request Forgery via HTTP Redirect Validation
May 18, 2017
CVSS 8.6
EPSS 0.01
CVE-2017-9065
HIGH
WordPress < 4.7.5 - Unauthenticated Post Meta Data Access via XML-RPC API
May 18, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-9064
HIGH
WordPress < 4.7.5 - Cross-Site Request Forgery in Filesystem Credentials Dialog
May 18, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-9063
MEDIUM
WordPress < 4.7.5 - Cross-Site Scripting in Customizer
May 18, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-9062
HIGH
WordPress < 4.7.5 - Cross-Site Request Forgery via XML-RPC API
May 18, 2017
CVSS 8.6
EPSS 0.02
CVE-2017-9061
MEDIUM
WordPress < 4.7.5 - Cross-Site Scripting via Large File Upload Error Message
May 18, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-8295
MEDIUM
WordPress <= 4.7.4 - Unauthenticated Weak Password Recovery Mechanism via Host Header Manipulation
May 04, 2017
CVSS 5.9
EPSS 0.77
CVE-2017-1001000
HIGH
WordPress 4.7.x < 4.7.2 - Unauthenticated Arbitrary Page Modification via REST API Endpoint
Apr 03, 2017
CVSS 7.5
EPSS 0.79
CVE-2017-6819
MEDIUM
WordPress < 4.7.2 - Cross-Site Request Forgery in Press This
Mar 12, 2017
CVSS 6.5
EPSS 0.13
CVE-2017-6818
MEDIUM
WordPress < 4.7.3 - Cross-Site Scripting via Taxonomy Term Names
Mar 12, 2017
CVSS 6.1
EPSS 0.09
CVE-2017-6817
MEDIUM
WordPress < 4.7.3 - Authenticated Cross-Site Scripting via YouTube URL Embeds
Mar 12, 2017
CVSS 5.4
EPSS 0.06
CVE-2017-6816
MEDIUM
WordPress < 4.7.3 - Unintended File Deletion via Plugin Deletion Functionality
Mar 12, 2017
CVSS 4.9
EPSS 0.03
CVE-2017-6815
MEDIUM
WordPress < 4.7.3 - URL Validation Bypass via Control Characters
Mar 12, 2017
CVSS 6.1
EPSS 0.06
CVE-2017-6814
MEDIUM
WordPress < 4.7.3 - Authenticated Cross-Site Scripting via Media File Metadata
Mar 12, 2017
CVSS 5.4
EPSS 0.02
CVE-2017-5612
MEDIUM
WordPress < 4.7.2 - Cross-Site Scripting via Crafted Excerpt in Posts List Table
Jan 30, 2017
CVSS 6.1
EPSS 0.02
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1