Showing 101-120 of 362 WordPress Core vulnerabilities

Title CVE ID CVSS Vector Date
WordPress Core <= 2.5.1 - Arbitrary File Upload CVE-2008-2392 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 25, 2008
WordPress Core <= 2.0.9 - Cross-Site Scripting CVE-2008-0192 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 3, 2007
WordPress Core < 2.09 - Cross-Site Scripting CVE-2007-1049 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 21, 2007
WordPress Core <= 2.0.1 - Cross-Site Scripting CVE-2006-0985 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 10, 2006
WordPress Core <= 1.5.2 - SQL Injection CVE-2006-1012 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N December 31, 2005
WordPress Core <= 1.5.1.2 - Cross-Site Scripting CVE-2005-2107 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N June 29, 2005
WordPress Core < 5.7.1 - XXE Injection CVE-2021-29447 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N April 15, 2021
WordPress Core < 3.1.3 - Clickjacking CVE-2011-3127 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L May 25, 2011
WordPress Core 5.8 beta - Block Editor Authorization Bypass CVE-2021-39203 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N September 9, 2021
WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting CVE-2020-4047 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N June 10, 2020
WordPress Core < 5.8.3 - Super Admin Multi-Site Installation Object Injection CVE-2022-21663 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H January 6, 2022
WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload CVE-2018-14028 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H August 4, 2018
WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N May 19, 2023
WordPress Core < 6.2.2 - Shortcode Execution in User Generated Content 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N May 19, 2023
WordPress Core < 5.7.1 - Sensitive Information Disclosure CVE-2021-29450 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N April 15, 2021
WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion CVE-2019-8943 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N February 19, 2019
WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access CVE-2016-7169 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N September 7, 2016
WordPress Core <= 4.5.3 - Denial of Service CVE-2016-6896 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H August 22, 2016
WordPress Core < 4.2.3 - Authorization Bypass CVE-2015-5623 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N July 23, 2015
WordPress Core < 3.9.2 - Denial of Service via XML #2 CVE-2014-5266 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H August 6, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation