Software Detail
WordPress: Number of NVD entries 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL: https://wordpress.org/
Explanation: WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and it offers a large number of additional features and good-looking themes.
It may be the most widely used Content Management System (CMS) in the world.

There are many plugins, and with enough knowledge you can build a site suitable for commercial use.
However, because some vulnerabilities are caused by plugins, you need to select the plugins you use carefully.

Because security updates are not provided for versions other than the latest, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed in older versions as well.
Since many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • Open source

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
191 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
192 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
193 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
194 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
195 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
196 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
197 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
198 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
199 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
200 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
201 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
202 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
203 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
204 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
205 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
206 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
207 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
208 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
209 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
210 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
211 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
212 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
213 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
214 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
215 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
216 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
217 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
218 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
219 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
220 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
221 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
222 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
223 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
224 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
225 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
226 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
227 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
228 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
229 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
230 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
231 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
232 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
233 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
234 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
235 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
236 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
237 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
238 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
239 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date
191 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web… CWE-79
Cross-site Scripting
CVE-2010-5294 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:2.9:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*
3.0.1 2024-11-21 10:22
2014-01-21
192 -
5.8
MEDIUM wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafte… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-5293 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:2.9:*
cpe:2.3:a:wordpress:wordpress:2.9.2:*
3.0.1 2024-11-21 10:22
2014-01-21
193 -
5.0
MEDIUM Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. CWE-22
Path Traversal
CVE-2013-7240 cpe:2.3:a:wordpress:wordpress:-:* 2024-11-21 11:00
2014-01-4
194 -
6.8
MEDIUM Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of a… CWE-352
 Origin Validation Error
CVE-2013-7233 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.9:*
cpe:2.3:a:wordpress:wordpress:2.0.8:*
2.0.11 2024-11-21 11:00
2013-12-30
195 -
3.5
LOW The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) at… CWE-79
Cross-site Scripting
CVE-2013-5739 cpe:2.3:a:wordpress:wordpress:*:* 3.6 2024-11-21 10:58
2013-09-12
196 -
4.3
MEDIUM The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it eas… CWE-20
 Improper Input Validation 
CVE-2013-5738 cpe:2.3:a:wordpress:wordpress:*:* 3.6 2024-11-21 10:58
2013-09-12
197 -
3.5
LOW wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-4340 cpe:2.3:a:wordpress:wordpress:*:* 3.6 2024-11-21 10:55
2013-09-12
198 -
7.5
HIGH WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. CWE-20
 Improper Input Validation 
CVE-2013-4339 cpe:2.3:a:wordpress:wordpress:*:* 3.6 2024-11-21 10:55
2013-09-12
199 -
7.5
HIGH wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP u… CWE-94
Code Injection
CVE-2013-4338 cpe:2.3:a:wordpress:wordpress:*:* 3.6 2024-11-21 10:55
2013-09-12
200 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers t… CWE-79
Cross-site Scripting
CVE-2012-3414 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.2:*
cpe:2.3:a:wordpress:wordpress:3.2.1:*
3.3.1 2024-11-21 10:40
2013-07-19