Showing 101-120 of 362 WordPress Core vulnerabilities

Title CVE ID CVSS Vector Date
WordPress Core < 5.0.1 - Sensitive Information Disclosure CVE-2018-20151 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N December 12, 2018
WordPress Core < 5.0.1 Reflected Cross-Site Scripting CVE-2018-20150 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2018
WordPress Core < 5.0.1 - PHAR Unserialization CVE-2018-1000773 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H September 6, 2018
WordPress Core < 4.9 - Insecure Deserialization CVE-2017-1000600 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 16, 2018
WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload CVE-2018-14028 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H August 4, 2018
WordPress Core < 4.9.7 - Authenticated Arbitrary File Deletion CVE-2018-12895 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 5, 2018
WordPress Core < 4.9.5 - Security Misconfiguration with URL Hostnames CVE-2018-10101 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N April 3, 2018
WordPress Core < 4.9.5 - Authenticated Stored Cross-Site Scripting via Generator Tag CVE-2018-10102 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 3, 2018
WordPress Core < 4.9.5 - Open Redirect CVE-2018-10100 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L April 3, 2018
WordPress Core < 5.0 - Denial of Service CVE-2018-6389 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H February 5, 2018
WordPress Core < 4.9.2 - Authenticated Cross-Site Scripting CVE-2018-5776 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 16, 2018
WordPress Core < 4.9.1 - Reflected Cross-Site Scripting CVE-2017-17094 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 29, 2017
WordPress Core < 4.9.1 - Authorization Bypass CVE-2017-17091 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N November 29, 2017
WordPress Core < 4.9.1- Stored Cross-Site Scripting via Language CVE-2017-17093 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 29, 2017
WordPress Core < 4.9.1 - Authenticated Stored Cross-Site Scripting CVE-2017-17092 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 29, 2017
WordPress Core < 4.8.3 - SQL Injection due to Double Prepare approach CVE-2017-16510 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 31, 2017
WordPress Core < 4.9.1 - Cross-domain Flash injection CVE-2016-9263 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N October 10, 2017
WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key CVE-2017-14990 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 10, 2017
WordPress Core < 4.8.2 - Directory Traversal during unzip CVE-2017-14719 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N September 19, 2017
WordPress Core < 4.8.2 - Stored Cross-Site Scripting via Plugin Names CVE-2017-14721 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N September 19, 2017

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation