Software Detail
WordPress
Number of NVD entries: 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL: https://wordpress.org/
Explanation: WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and it offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

Many plugins are available, and with enough knowledge you can build a site suitable for commercial use.
However, because some vulnerabilities are caused by plugins, you need to select the plugins you use carefully.

Because security updates are provided only for the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are also fixed for older versions.
Because many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • Open source

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
181 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
182 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
183 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
184 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
185 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
186 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
187 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
188 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
189 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
190 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
191 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
192 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
193 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
194 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
195 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
196 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
197 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
198 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
199 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
200 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
201 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
202 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
203 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
204 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
205 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
206 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
207 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
208 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
209 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
210 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
211 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
212 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
213 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
214 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
215 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
216 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
217 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
218 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
219 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
220 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
221 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
222 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
223 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
224 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
225 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
226 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
227 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
228 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
229 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date, Exploit PoC
181 -
7.5
HIGH wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. NVD-CWE-noinfo
CVE-2014-5203 cpe:2.3:a:wordpress:wordpress:3.9.1:*
cpe:2.3:a:wordpress:wordpress:3.9.0:*
2024-11-21 11:11
2014-08-18
182 -
6.4
MEDIUM The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it e… CWE-287
Improper Authentication
CVE-2014-0166 cpe:2.3:a:wordpress:wordpress:3.8:*
cpe:2.3:a:wordpress:wordpress:3.8.1:*
cpe:2.3:a:wordpress:wordpress:3.7:*
3.7.1 2024-11-21 11:01
2014-04-10
183 -
4.0
MEDIUM WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0165 cpe:2.3:a:wordpress:wordpress:3.8:*
cpe:2.3:a:wordpress:wordpress:3.8.1:*
cpe:2.3:a:wordpress:wordpress:3.7:*
3.7.1 2024-11-21 11:01
2014-04-10
184 -
4.0
MEDIUM wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6635 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.1:*
cpe:2.3:a:wordpress:wordpress:3.2:beta1…
3.3.2 2024-11-21 10:46
2014-01-21
185 -
6.4
MEDIUM wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6634 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.1:*
cpe:2.3:a:wordpress:wordpress:3.2:beta1…
3.3.2 2024-11-21 10:46
2014-01-21
186 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. CWE-79
Cross-site Scripting
CVE-2012-6633 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.1:*
cpe:2.3:a:wordpress:wordpress:3.2:beta1…
3.3.2 2024-11-21 10:46
2014-01-21
187 -
4.0
MEDIUM wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contr… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-5270 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:3.0.4:*
cpe:2.3:a:wordpress:wordpress:3.0.3:*
3.0.5 2024-11-21 10:34
2014-01-21
188 -
2.1
LOW WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators t… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-5297 cpe:2.3:a:wordpress:wordpress:2.9:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*
cpe:2.3:a:wordpress:wordpress:2.9.1:*
3.0 2024-11-21 10:22
2014-01-21
189 -
4.9
MEDIUM wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticate… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-5296 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:2.9:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*
3.0.1 2024-11-21 10:22
2014-01-21
190 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is no… CWE-79
Cross-site Scripting
CVE-2010-5295 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:2.9:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*
3.0.1 2024-11-21 10:22
2014-01-21