Showing 201-220 of 362 WordPress Core vulnerabilities

Title CVE ID CVSS Vector Date
WordPress Core <= 1.5 - Stored Cross-Site Scripting CVE-2005-1102 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 27, 2005
WordPress Core < 4.7.5 - Mishandling Post Meta Values via XML-RPC CVE-2017-9062 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L May 16, 2017
WordPress Core < 3.6.1 - Spoof Post Authorship CVE-2013-4340 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L September 11, 2013
WordPress Core < 3.5.2 - Missing Authorization Checks CVE-2013-2200 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L June 21, 2013
WordPress Core < 3.4.2 - Missing Authorization Checks on create_post CVE-2012-4421 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L September 6, 2012
WordPress Core < 3.1.3 - Media Related Security Issue CVE-2011-3122 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L May 25, 2011
WordPress Core < 3.1.3 - Security Hardening CVE-2011-3125 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L May 25, 2011
WordPress Core < 3.0.6 - Incorrect Authorization Checks CVE-2011-5270 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L April 26, 2011
WordPress Core < 3.0.3 - Access Control Bypass CVE-2010-5106 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L December 8, 2010
WordPress Core 5.6 - 6.3.1 - Reflected Cross-Site Scripting via Application Password Requests 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 12, 2023
WordPress Core < 5.8.1 - LoDash Update CVE-2020-8203 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 9, 2021
WordPress Core < 5.5.2 - Reflected Cross-Site Scripting via Global Variables CVE-2020-28034 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 29, 2020
WordPress Core < 5.4.1 - Password Reset Link Non-Expiration CVE-2020-11027 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N April 29, 2020
WordPress Core < 5.2.3 - Reflected Cross-Site Scripting CVE-2019-16221 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 5, 2019
WordPress Core < 5.0.1 Reflected Cross-Site Scripting CVE-2018-20150 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2018
WordPress Core < 4.9.1 - Reflected Cross-Site Scripting CVE-2017-17094 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 29, 2017
WordPress Core < 4.7.3 - Bypass URL Validation CVE-2017-6815 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 6, 2017
WordPress Core < 4.7.2 - Cross-Site Scripting CVE-2017-5612 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 26, 2017
WordPress Core < 4.5.2 - Cross-Site Scripting via plupload.flash.swf CVE-2016-4566 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 6, 2016
WordPress Core < 4.2.4 - Cross-Site Scripting in Theme Preview CVE-2015-5734 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 4, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation