| WordPress | Number Of NVD | 349 | CRITICAL | 17 | HIGH | 79 | MEDIUM | 235 | LOW | 18 |
| URL | https://wordpress.org/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | It is an open source blogging software written in PHP. It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes. It may be the most used Content Management System (CMS) in the world. There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes. However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use. Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely. In some cases, security issues are fixed for older versions. Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://ja.wordpress.org/download/ | ||
| 2 | https://github.com/wordpress/wordpress | ||
| 3 | https://wordpress.org/download/releases/ | ||
| 4 | https://ja.wordpress.org/download/releases/ | ||
| 5 | https://ja.wordpress.org/about/history/ | ||
| 6 | https://wordpress.org/news/category/releases/ | ||
| 7 | https://ja.wordpress.org/ |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 181 | wordpress 6 | 6.8.3 | Sept. 30, 2025 | Nov. 2, 2022 | 0 | 0 | 10 | 0 | |||
| 182 | wordpress 5.9 | 5.9.5 | Oct. 17, 2022 | Jan. 25, 2022 | 0 | 0 | 10 | 0 | |||
| 183 | wordpress 5.8 | 5.8.1 | Sept. 9, 2021 | July 21, 2021 | 0 | 3 | 13 | 0 | |||
| 184 | wordpress 5.7 | 5.7.3 | Sept. 9, 2021 | March 10, 2021 | 2 | 4 | 14 | 0 | |||
| 185 | WordPress 5.6 | 5.6.5 | Sept. 9, 2021 | Dec. 8, 2020 | 2 | 4 | 14 | 0 | |||
| 186 | WordPress 5.5 | 5.5.6 | Sept. 9, 2021 | Aug. 11, 2020 | 7 | 5 | 16 | 0 | |||
| 187 | WordPress 5.4 | 5.4.7 | Sept. 9, 2021 | April 28, 2020 | 7 | 7 | 24 | 2 | |||
| 188 | WordPress 5.3 | 5.3.9 | Sept. 11, 2021 | Nov. 21, 2019 | 8 | 7 | 27 | 2 | |||
| 189 | WordPress 5.2 | 5.2.12 | Sept. 9, 2021 | May 19, 2019 | 10 | 9 | 38 | 2 | |||
| 190 | WordPress 5.1 | 5.1.11 | Sept. 22, 2021 | March 11, 2019 | 10 | 10 | 37 | 2 | |||
| 191 | WordPress 5.0 | 5.0.14 | Sept. 22, 2021 | Dec. 10, 2018 | 11 | 12 | 43 | 2 | |||
| 192 | WordPress 4.9 | 4.9.18 | May 12, 2021 | Nov. 17, 2017 | 11 | 17 | 49 | 2 | |||
| 193 | WordPress 4.8 | 4.8.17 | May 12, 2021 | June 23, 2017 | 13 | 20 | 57 | 2 | |||
| 194 | WordPress 4.7 | 4.7.18 | June 11, 2020 | Dec. 7, 2016 | 16 | 28 | 72 | 2 | |||
| 195 | WordPress 4.6 | 4.6.19 | June 11, 2020 | Aug. 17, 2016 | 16 | 26 | 70 | 2 | |||
| 196 | WordPress 4.5 | 4.5.22 | June 11, 2020 | April 14, 2016 | 16 | 33 | 76 | 2 | |||
| 197 | WordPress 4.4 | 4.4.23 | June 11, 2020 | Dec. 9, 2015 | 16 | 36 | 78 | 2 | |||
| 198 | WordPress 4.3 | 4.3.24 | June 11, 2020 | Aug. 19, 2015 | 16 | 36 | 81 | 2 | |||
| 199 | WordPress 4.2 | 4.2.28 | June 11, 2020 | April 28, 2015 | 16 | 37 | 89 | 3 | |||
| 200 | WordPress 4.1 | 4.1.31 | June 11, 2020 | Dec. 19, 2014 | 16 | 37 | 91 | 3 | |||
| 201 | wordpress 4.0 | 4.0.38 | Dec. 15, 2014 | Dec. 15, 2014 | 16 | 37 | 97 | 3 | |||
| 202 | WordPress 3.9 | 3.9.40 | Nov. 30, 2022 | April 17, 2014 | 16 | 38 | 102 | 4 | |||
| 203 | WordPress 3.8 | 3.8.41 | Nov. 30, 2022 | Dec. 16, 2013 | 16 | 37 | 102 | 4 | |||
| 204 | WordPress 3.7 | 3.7.5 | Nov. 30, 2022 | Oct. 25, 2013 | 16 | 37 | 102 | 4 | |||
| 205 | wordpress 3.6 | 3.6.1 | Sept. 11, 2013 | Aug. 1, 2013 | Jan. 1, 2000 | 15 | 37 | 94 | 4 | ||
| 206 | wordpress 3.5 | 3.5.2 | June 21, 2013 | Nov. 11, 2012 | Jan. 1, 2000 | 15 | 37 | 105 | 4 | ||
| 207 | wordpress 3.4 | 3.4.2 | Sept. 6, 2012 | June 13, 2012 | Jan. 1, 2000 | 15 | 37 | 108 | 7 | ||
| 208 | wordpress 3.3 | 3.3.3 | June 27, 2012 | Dec. 12, 2011 | Jan. 1, 2000 | 15 | 40 | 119 | 6 | ||
| 209 | wordpress 3.2 | 3.2.1 | July 12, 2011 | July 4, 2011 | Jan. 1, 2000 | 15 | 44 | 122 | 5 | ||
| 210 | wordpress 3.1 | 3.1.4 | June 29, 2011 | Feb. 23, 2011 | Jan. 1, 2000 | 15 | 44 | 125 | 5 | ||
| 211 | wordpress 3.0 | 3.0.6 | April 26, 2011 | June 17, 2010 | Jan. 1, 2000 | 15 | 40 | 132 | 7 | ||
| 212 | wordpress 2.9 | 2.9.2 | Feb. 15, 2010 | Dec. 18, 2009 | Jan. 1, 2000 | 15 | 39 | 133 | 7 | ||
| 213 | wordpress 2.8 | 2.8.6 | Nov. 12, 2009 | June 11, 2009 | Jan. 1, 2000 | 15 | 41 | 137 | 8 | ||
| 214 | wordpress 2.7 | 2.7.1 | Feb. 10, 2009 | Dec. 10, 2008 | Jan. 1, 2000 | 15 | 41 | 140 | 8 | ||
| 215 | wordpress 2.6 | 2.6.5 | Nov. 25, 2008 | July 15, 2008 | Jan. 1, 2000 | 15 | 44 | 143 | 8 | ||
| 216 | wordpress 2.5 | 2.5.1 | April 25, 2008 | March 29, 2008 | Jan. 1, 2000 | 15 | 46 | 143 | 8 | ||
| 217 | wordpress 2.3 | 2.3.3 | Feb. 5, 2008 | Sept. 25, 2007 | Jan. 1, 2000 | 16 | 46 | 147 | 9 | ||
| 218 | wordpress 2.2 | 2.2.3 | Sept. 24, 2007 | Sept. 24, 2007 | Jan. 1, 2000 | 16 | 48 | 158 | 9 | ||
| 219 | wordpress 2.1 | 2.1.3 | Sept. 24, 2007 | Sept. 24, 2007 | Jan. 1, 2000 | 16 | 51 | 157 | 9 | ||
| 220 | wordpress 2.0 | 2.0.9 | Sept. 24, 2007 | Sept. 24, 2007 | Jan. 1, 2000 | 16 | 55 | 180 | 9 | ||
| 221 | wordpress 1.5 | 1.5.2 | Sept. 24, 2007 | Sept. 24, 2007 | Jan. 1, 2000 | 16 | 58 | 173 | 8 | ||
| 222 | wordpress 1.2 | 1.2.5 | Sept. 24, 2007 | Sept. 24, 2007 | Jan. 1, 2000 | 15 | 55 | 175 | 8 | ||
| 223 | wordpress 1.6 | 1.6.2 | Jan. 1, 2000 | 16 | 49 | 161 | 8 | ||||
| 224 | wordpress 1.3 | 1.3.3 | Jan. 1, 2000 | 15 | 49 | 164 | 8 | ||||
| 225 | wordpress 1.1 | 1.1.1 | Jan. 1, 2000 | 15 | 49 | 163 | 8 | ||||
| 226 | wordpress 1.0 | 1.0.2 | Sept. 24, 2007 | Jan. 1, 2000 | 15 | 53 | 169 | 8 | |||
| 227 | wordpress 0.72 | 0.72 | Jan. 1, 2000 | 15 | 51 | 163 | 8 | ||||
| 228 | wordpress 0.711 | 0.711 | Jan. 1, 2000 | 15 | 51 | 163 | 8 | ||||
| 229 | wordpress 0.71 | 0.71 | Sept. 24, 2007 | Jan. 1, 2000 | 15 | 53 | 167 | 8 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 181 |
- 7.5 |
HIGH | wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. |
NVD-CWE-noinfo
|
CVE-2014-5203 |
cpe:2.3:a:wordpress:wordpress:3.9.1:* cpe:2.3:a:wordpress:wordpress:3.9.0:* |
2024-11-21 11:11 2014-08-18 |
Show | GitHub Exploit DB Packet Storm | ||||
| 182 |
- 6.4 |
MEDIUM | The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it e… |
CWE-287
Improper Authentication |
CVE-2014-0166 |
cpe:2.3:a:wordpress:wordpress:3.8:* cpe:2.3:a:wordpress:wordpress:3.8.1:* cpe:2.3:a:wordpress:wordpress:3.7:* … |
3.7.1 |
2024-11-21 11:01 2014-04-10 |
Show | GitHub Exploit DB Packet Storm | |||
| 183 |
- 4.0 |
MEDIUM | WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2014-0165 |
cpe:2.3:a:wordpress:wordpress:3.8:* cpe:2.3:a:wordpress:wordpress:3.8.1:* cpe:2.3:a:wordpress:wordpress:3.7:* … |
3.7.1 |
2024-11-21 11:01 2014-04-10 |
Show | GitHub Exploit DB Packet Storm | |||
| 184 |
- 4.0 |
MEDIUM | wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2012-6635 |
cpe:2.3:a:wordpress:wordpress:3.3:* cpe:2.3:a:wordpress:wordpress:3.3.1:* cpe:2.3:a:wordpress:wordpress:3.2:beta1… |
3.3.2 |
2024-11-21 10:46 2014-01-21 |
Show | GitHub Exploit DB Packet Storm | |||
| 185 |
- 6.4 |
MEDIUM | wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2012-6634 |
cpe:2.3:a:wordpress:wordpress:3.3:* cpe:2.3:a:wordpress:wordpress:3.3.1:* cpe:2.3:a:wordpress:wordpress:3.2:beta1… |
3.3.2 |
2024-11-21 10:46 2014-01-21 |
Show | GitHub Exploit DB Packet Storm | |||
| 186 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. |
CWE-79
Cross-site Scripting |
CVE-2012-6633 |
cpe:2.3:a:wordpress:wordpress:3.3:* cpe:2.3:a:wordpress:wordpress:3.3.1:* cpe:2.3:a:wordpress:wordpress:3.2:beta1… |
3.3.2 |
2024-11-21 10:46 2014-01-21 |
Show | GitHub Exploit DB Packet Storm | |||
| 187 |
- 4.0 |
MEDIUM | wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contr… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2011-5270 |
cpe:2.3:a:wordpress:wordpress:3.0:* cpe:2.3:a:wordpress:wordpress:3.0.4:* cpe:2.3:a:wordpress:wordpress:3.0.3:* | 3.0.5 |
2024-11-21 10:34 2014-01-21 |
Show | GitHub Exploit DB Packet Storm | |||
| 188 |
- 2.1 |
LOW | WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators t… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2010-5297 |
cpe:2.3:a:wordpress:wordpress:2.9:* cpe:2.3:a:wordpress:wordpress:2.9.2:* cpe:2.3:a:wordpress:wordpress:2.9.1:* | 3.0 |
2024-11-21 10:22 2014-01-21 |
Show | GitHub Exploit DB Packet Storm | |||
| 189 |
- 4.9 |
MEDIUM | wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticate… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2010-5296 |
cpe:2.3:a:wordpress:wordpress:3.0:* cpe:2.3:a:wordpress:wordpress:2.9:* cpe:2.3:a:wordpress:wordpress:2.9.2:* … |
3.0.1 |
2024-11-21 10:22 2014-01-21 |
Show | GitHub Exploit DB Packet Storm | |||
| 190 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is no… |
CWE-79
Cross-site Scripting |
CVE-2010-5295 |
cpe:2.3:a:wordpress:wordpress:3.0:* cpe:2.3:a:wordpress:wordpress:2.9:* cpe:2.3:a:wordpress:wordpress:2.9.2:* … |
3.0.1 |
2024-11-21 10:22 2014-01-21 |
Show | GitHub Exploit DB Packet Storm |