Software Detail
WordPress | Number of NVD: 349 | CRITICAL 17 | HIGH 79 | MEDIUM 235 | LOW 18
URL https://wordpress.org/
Explanation: WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate web sites, and it offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and with enough knowledge you can build a site that can be used for commercial purposes.
However, because some vulnerabilities are caused by plugins, you need to select the plugins you use carefully.

Security updates are provided only for the latest version, and it is officially announced that older versions cannot be used safely.
In some cases, however, security issues are also fixed for older versions.
Because many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • Open source

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
121 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
122 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
123 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
124 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
125 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
126 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
127 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
128 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
129 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
130 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
131 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
132 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
133 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
134 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
135 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
136 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
137 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
138 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
139 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
140 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
141 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
142 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
143 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
144 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
145 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
146 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
147 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
148 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
149 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
150 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
151 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
152 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
153 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
154 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
155 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
156 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
157 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
158 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
159 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
160 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
161 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
162 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
163 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
164 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
165 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
166 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
167 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
168 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
169 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
121 | CVSS3 7.1 | CVSS2 5.5 | HIGH | Network
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
CWE-22 Path Traversal
CVE-2016-6896 | cpe:2.3:a:wordpress:wordpress:4.5.3:* | Update date 2024-11-21 11:57 | Published date 2017-01-19
122 | CVSS3 4.3 | CVSS2 4.0 | MEDIUM | Network
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authen…
CWE-254 7PK - Security Features; CWE-284 Improper Access Control
CVE-2016-10148 | cpe:2.3:a:wordpress:wordpress:*:* 4.5.5 | Update date 2024-11-21 11:43 | Published date 2017-01-19
123 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Network
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended a…
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2017-5493 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
124 | CVSS3 8.8 | CVSS2 6.8 | HIGH | Network
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims …
CWE-352 Origin Validation Error
CVE-2017-5492 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
125 | CVSS3 5.3 | CVSS2 5.0 | MEDIUM | Network
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
CWE-1188 Insecure Default Initialization of Resource
CVE-2017-5491 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
126 | CVSS3 6.1 | CVSS2 4.3 | MEDIUM | Network
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or…
CWE-79 Cross-site Scripting
CVE-2017-5490 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
127 | CVSS3 8.8 | CVSS2 6.8 | HIGH | Network
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
CWE-352 Origin Validation Error
CVE-2017-5489 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
128 | CVSS3 6.1 | CVSS2 4.3 | MEDIUM | Network
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version…
CWE-79 Cross-site Scripting
CVE-2017-5488 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
129 | CVSS3 5.3 | CVSS2 5.0 | MEDIUM | Network
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote…
CWE-200 Information Exposure
CVE-2017-5487 | cpe:2.3:a:wordpress:wordpress:*:* 4.7 | Update date 2024-11-21 12:27 | Published date 2017-01-15
130 | CVSS3 6.3 | CVSS2 6.5 | MEDIUM | Network
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authent…
CWE-22 Path Traversal
CVE-2016-7169 | cpe:2.3:a:wordpress:wordpress:*:* 4.6 | Update date 2024-11-21 11:57 | Published date 2017-01-05