Showing 201-220 of 362 WordPress Core vulnerabilities

Title CVE ID CVSS Vector Date
WordPress Core < 3.9.2 - Denial of Service via XML CVE-2014-5265 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L August 6, 2014
WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL CVE-2014-5240 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N August 6, 2014
WordPress Core < 3.9.2 - Deserialization via Widgets CVE-2014-5203 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 6, 2014
WordPress Core < 3.9.2 - Brute Force of Cross-Site Request Forgery Tokens CVE-2014-5205 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N August 6, 2014
WordPress Core < 3.9.2 - Denial of Service via XML #2 CVE-2014-5266 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H August 6, 2014
WordPress Core < 4.0.1 - Cross-Site Request Forgery to Authentication Takeover CVE-2014-9033 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H August 6, 2014
WordPress Core < 3.8.2 - SQL Injection 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 9, 2014
WordPress Core < 3.8.2 - Contributor Users Can Publish Posts CVE-2014-0165 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N April 8, 2014
WordPress Core < 3.8.2 - Authentication Cookie Forgery CVE-2014-0166 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 8, 2014
WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service CVE-2013-7233 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H December 17, 2013
WordPress Core < 3.6.1 - Deserialization CVE-2013-4338 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 11, 2013
WordPress Core < 3.6.1 - Open Redirect CVE-2013-4339 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L September 11, 2013
WordPress Core < 3.6.1 - HTML File Upload CVE-2013-5738 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 11, 2013
WordPress Core < 3.6.1 - .swf and .exe File Upload CVE-2013-5739 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 11, 2013
WordPress Core < 3.6.1 - Spoof Post Authorship CVE-2013-4340 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L September 11, 2013
WordPress Core < 3.5.2 - XXE Injection CVE-2013-2202 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N June 21, 2013
WordPress Core <= 3.5.1 - Content-Spoofing Attacks CVE-2013-2204 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N June 21, 2013
WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors CVE-2013-2201 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 21, 2013
WordPress Core < 3.5.2 - Server Side Request Forgery CVE-2013-2199 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N June 21, 2013
WordPress Core <= 3.5.1 - Denial of Service via wp-postpass cookie CVE-2013-2173 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L June 21, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation