wordpress
412 tracked vulnerabilities.
CVE-2017-5611
CRITICAL
WordPress < 4.7.2 - SQL Injection via Crafted Post Type Name
Jan 30, 2017
CVSS 9.8
EPSS 0.12
CVE-2017-5610
MEDIUM
WordPress < 4.7.1 - Exposure of Sensitive Information via Press This Taxonomy Assignment
Jan 30, 2017
CVSS 5.3
EPSS 0.01
CVE-2017-5493
HIGH
WordPress < 4.7 - Use of Cryptographically Weak PRNG in Multisite Signup Keys
Jan 15, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5492
HIGH
WordPress < 4.7.1 - Cross-Site Request Forgery in Widget-Editing Accessibility Mode
Jan 15, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5491
MEDIUM
WordPress < 4.7.1 - Unauthenticated Posting Restriction Bypass via Spoofed Mail Server
Jan 15, 2017
CVSS 5.3
EPSS 0.02
CVE-2017-5490
MEDIUM
WordPress < 4.7.1 - Cross-Site Scripting via Theme Directory Name
Jan 15, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-5489
HIGH
WordPress < 4.7 - Cross-Site Request Forgery via Flash File Upload
Jan 15, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5488
MEDIUM
WordPress < 4.7.1 - Cross-Site Scripting via Plugin Name or Version Header
Jan 15, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-5487
MEDIUM
WordPress < 4.7.1 - Unauthorized User Information Exposure via REST API
Jan 15, 2017
CVSS 5.3
EPSS 0.92
CVE-2016-9263
MEDIUM
WordPress < 4.8.2 - Cross-Domain Flash Injection via flashmediaelement.swf
Oct 12, 2017
CVSS 4.7
EPSS 0.01
CVE-2016-6897
MEDIUM
WordPress < 4.5.5 - Cross-Site Request Forgery via Late check_ajax_referer Call
Jan 18, 2017
CVSS 6.5
EPSS 0.30
CVE-2016-6896
HIGH
WordPress Traversal Directory DoS
Jan 18, 2017
CVSS 7.1
EPSS 0.35
CVE-2016-10148
MEDIUM
WordPress < 4.5.5 - Authenticated Path Traversal via Plugin Update AJAX Handler
Jan 18, 2017
CVSS 4.3
EPSS 0.00
CVE-2016-7169
MEDIUM
WordPress < 4.6.1 - Authenticated Path Traversal via File_Upload_Upgrader urlholder Parameter
Jan 05, 2017
CVSS 6.3
EPSS 0.03
CVE-2016-7168
MEDIUM
WordPress < 4.6.1 - Cross-Site Scripting via Crafted Image Filename
Jan 05, 2017
CVSS 4.8
EPSS 0.01
CVE-2016-10045
CRITICAL
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
Dec 30, 2016
CVSS 9.8
EPSS 0.93
CVE-2016-10033
CRITICAL
KEV NUCLEI
PHPMailer Sendmail Argument Injection
Dec 30, 2016
CVSS 9.8
EPSS 0.94
CVE-2016-6635
HIGH
WordPress < 4.4.2 - Cross-Site Request Forgery via wp_ajax_wp_compression_test
Aug 07, 2016
CVSS 8.8
EPSS 0.00
CVE-2016-6634
MEDIUM
WordPress < 4.4.4 - Cross-Site Scripting in Network Settings Page
Aug 07, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-4029
HIGH
WordPress < 4.5 - Server-Side Request Forgery via Octal and Hexadecimal IP Address Bypass
Aug 07, 2016
CVSS 8.6
EPSS 0.01
CVE-2016-5839
HIGH
WordPress < 4.5.3 - Unauthenticated File Name Sanitization Bypass
Jun 29, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-5838
HIGH
WordPress < 4.5.3 - Unauthenticated Password Change Restriction Bypass via Cookie
Jun 29, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-5837
HIGH
WordPress < 4.5.3 - Unauthenticated Category Attribute Removal
Jun 29, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-5836
HIGH
WordPress < 4.5.3 - Denial of Service via oEmbed Protocol
Jun 29, 2016
CVSS 7.5
EPSS 0.07
CVE-2016-5835
HIGH
WordPress < 4.5.2 - Exposure of Sensitive Revision-History Information via Post Reading
Jun 29, 2016
CVSS 7.5
EPSS 0.02
Products
wordpress 353
wordpress_mu 10
WordPress 3
sniplets_plugin 3
blix 2
math_comment_spam_protection_plugin 2
pay-with-tweet 2
wassup_plugin 2
Buddypress 1
Social-Share-Buttons 1
adserve 1
alert_before_you_post 1
blixed 1
blixkrieg 1
blogger_importer 1
captcha 1
cryptographp 1
dean_logan_wp-people_plugin 1
debug_bar 1
download_monitor_plugin 1
fcchat_widget 1
filemanager 1
gutenberg 1
health_check_\&_troubleshooting 1
lanoba_social_plugin 1
page_flip_image_gallery_plugin 1
performance_lab 1
permalinks_migration_plugin 1
peter\'s_math_anti-spam_for_wordpress 1
photo_album_plugin 1