Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • オープンソース

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
141 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
142 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
143 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
144 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
145 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
146 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
147 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
148 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
149 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
150 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
151 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
152 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
153 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
154 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
155 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
156 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
157 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
158 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
159 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
160 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
161 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
162 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
163 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
164 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
165 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
166 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
167 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
168 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
169 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
170 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
171 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
172 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
173 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
174 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
175 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
176 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
177 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
178 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
179 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
180 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
181 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
182 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
183 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
184 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
185 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
186 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
187 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
188 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
189 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
141 7.5
5.0
HIGH
Network
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/re… CWE-200
Information Exposure
CVE-2016-5835 cpe:2.3:a:wordpress:wordpress:*:* 4.5.2 2024-11-21 11:55
2016-06-29
Show GitHub Exploit DB Packet Storm
142 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HT… CWE-79
Cross-site Scripting
CVE-2016-5834 cpe:2.3:a:wordpress:wordpress:*:* 4.5.2 2024-11-21 11:55
2016-06-29
Show GitHub Exploit DB Packet Storm
143 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web scri… CWE-79
Cross-site Scripting
CVE-2016-5833 cpe:2.3:a:wordpress:wordpress:*:* 4.5.2 2024-11-21 11:55
2016-06-29
Show GitHub Exploit DB Packet Storm
144 7.5
5.0
HIGH
Network
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. NVD-CWE-noinfo
CVE-2016-5832 cpe:2.3:a:wordpress:wordpress:*:* 4.5.2 2024-11-21 11:55
2016-06-29
Show GitHub Exploit DB Packet Storm
145 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or H… CWE-79
Cross-site Scripting
CVE-2016-4567 cpe:2.3:a:wordpress:wordpress:*:* 4.5.1 2024-11-21 11:52
2016-05-22
Show GitHub Exploit DB Packet Storm
146 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-O… CWE-79
Cross-site Scripting
CVE-2016-4566 cpe:2.3:a:wordpress:wordpress:*:* 4.5.1 2024-11-21 11:52
2016-05-22
Show GitHub Exploit DB Packet Storm
147 8.6
5.0
HIGH
Network
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o… NVD-CWE-Other
CVE-2016-2222 cpe:2.3:a:wordpress:wordpress:4.4.1:* 2024-11-21 11:48
2016-05-22
Show GitHub Exploit DB Packet Storm
148 7.4
5.8
HIGH
Network
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph… NVD-CWE-Other
CVE-2016-2221 cpe:2.3:a:wordpress:wordpress:*:* 4.4.1 2024-11-21 11:48
2016-05-22
Show GitHub Exploit DB Packet Storm
149 6.1
4.3
MEDIUM
Network
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name… CWE-79
Cross-site Scripting
CVE-2016-1564 cpe:2.3:a:wordpress:wordpress:*:* 4.4.0 2024-11-21 11:46
2016-05-22
Show GitHub Exploit DB Packet Storm
150 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored… CWE-79
Cross-site Scripting
CVE-2015-8834 cpe:2.3:a:wordpress:wordpress:*:* 4.2.1 2024-11-21 11:39
2016-05-22
Show GitHub Exploit DB Packet Storm