Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • オープンソース
  • GPL v2
  • PHP

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
161 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
162 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
163 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
164 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
165 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
166 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
167 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
168 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
169 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
170 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
171 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
172 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
173 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
174 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
175 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
176 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
177 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
178 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
179 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
180 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
181 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
182 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
183 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
184 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
185 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
186 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
187 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
188 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
189 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
190 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
191 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
192 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
193 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
194 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
195 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
196 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
197 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
198 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
199 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
200 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
201 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
202 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
203 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
204 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
205 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
206 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
207 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
208 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
209 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
161 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byt… CWE-79
Cross-site Scripting
CVE-2015-3438 cpe:2.3:a:wordpress:wordpress:*:* 4.1.1 2024-11-21 11:29
2015-08-5
Show GitHub Exploit DB Packet Storm
162 -
4.0
MEDIUM WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscribe… CWE-284
Improper Access Control
CVE-2015-5623 cpe:2.3:a:wordpress:wordpress:*:* 4.2.2 2024-11-21 11:33
2015-08-3
Show GitHub Exploit DB Packet Storm
163 -
3.5
LOW Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a cra… CWE-79
Cross-site Scripting
CVE-2015-5622 cpe:2.3:a:wordpress:wordpress:*:* 4.2.2 2024-11-21 11:33
2015-08-3
Show GitHub Exploit DB Packet Storm
164 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored… CWE-79
Cross-site Scripting
CVE-2015-3440 cpe:2.3:a:wordpress:wordpress:*:* 4.2 2024-11-21 11:29
2015-08-3
Show GitHub Exploit DB Packet Storm
165 -
4.3
MEDIUM wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that rec… CWE-254
 7PK - Security Features
CVE-2014-9039 cpe:2.3:a:wordpress:wordpress:4.0:*
cpe:2.3:a:wordpress:wordpress:3.9:*
cpe:2.3:a:wordpress:wordpress:3.9.2:*
3.7.4 2024-11-21 11:20
2014-11-26
Show GitHub Exploit DB Packet Storm
166 -
6.4
MEDIUM wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring… CWE-20
 Improper Input Validation 
CVE-2014-9038 cpe:2.3:a:wordpress:wordpress:4.0:*
cpe:2.3:a:wordpress:wordpress:3.9:*
cpe:2.3:a:wordpress:wordpress:3.9.2:*
3.7.4 2024-11-21 11:20
2014-11-26
Show GitHub Exploit DB Packet Storm
167 -
6.8
MEDIUM WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic … CWE-310
Cryptographic Issues
CVE-2014-9037 cpe:2.3:a:wordpress:wordpress:4.0:*
cpe:2.3:a:wordpress:wordpress:3.9:*
cpe:2.3:a:wordpress:wordpress:3.9.2:*
3.7.4 2024-11-21 11:20
2014-11-26
Show GitHub Exploit DB Packet Storm
168 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a c… CWE-79
Cross-site Scripting
CVE-2014-9036 cpe:2.3:a:wordpress:wordpress:4.0:*
cpe:2.3:a:wordpress:wordpress:3.9:*
cpe:2.3:a:wordpress:wordpress:3.9.2:*
3.7.4 2024-11-21 11:20
2014-11-26
Show GitHub Exploit DB Packet Storm
169 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script o… CWE-79
Cross-site Scripting
CVE-2014-9035 cpe:2.3:a:wordpress:wordpress:4.0:*
cpe:2.3:a:wordpress:wordpress:3.9:*
cpe:2.3:a:wordpress:wordpress:3.9.2:*
3.7.4 2024-11-21 11:20
2014-11-26
Show GitHub Exploit DB Packet Storm
170 -
5.0
MEDIUM wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long … CWE-19
 Data Processing Errors
CVE-2014-9034 cpe:2.3:a:wordpress:wordpress:4.0:*
cpe:2.3:a:wordpress:wordpress:3.9:*
cpe:2.3:a:wordpress:wordpress:3.9.2:*
3.7.4 2024-11-21 11:20
2014-11-26
Show GitHub Exploit DB Packet Storm