Software Detail
WordPress
Number Of NVD: 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL: https://wordpress.org/
Explanation: WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and offers a large number of additional features and good-looking themes.
It may be the most widely used Content Management System (CMS) in the world.

There are many plugins, and with enough knowledge you can build a site that can be used for commercial purposes.
However, because some vulnerabilities are caused by plugins, you need to select the plugins you use carefully.

Security updates are not provided for anything other than the latest version, and it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Because many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • Open source
  • GPL v2
  • PHP

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
201 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
202 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
203 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
204 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
205 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
206 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
207 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
208 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
209 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
210 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
211 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
212 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
213 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
214 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
215 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
216 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
217 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
218 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
219 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
220 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
221 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
222 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
223 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
224 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
225 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
226 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
227 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
228 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
229 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
230 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
231 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
232 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
233 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
234 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
235 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
236 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
237 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
238 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
239 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
240 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
241 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
242 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
243 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
244 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
245 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
246 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
247 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
248 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
249 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date | Show Affected | Exploit PoC Search
201 -
4.3
MEDIUM The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-si… CWE-79
CWE-16
Cross-site Scripting
Configuration
CVE-2013-2205 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
202 -
4.3
MEDIUM moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extracti… CWE-20
Improper Input Validation
CVE-2013-2204 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
203 -
4.3
MEDIUM WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an X… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2203 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
204 -
4.3
MEDIUM WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related t… CWE-200
Information Exposure
CVE-2013-2202 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
205 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editi… CWE-79
Cross-site Scripting
CVE-2013-2201 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
206 -
4.0
MEDIUM WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspeci… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2200 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
207 -
4.3
MEDIUM The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vuln… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2199 cpe:2.3:a:wordpress:wordpress:3.5.0:*
cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*…
3.5.1 2024-11-21 10:51
2013-07-9
208 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web scrip… CWE-79
Cross-site Scripting
CVE-2013-0237 cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*
cpe:2.3:a:wordpress:wordpress:3.4.0:*…
3.5.0 2024-11-21 10:47
2013-07-9
209 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the con… CWE-79
Cross-site Scripting
CVE-2013-0236 cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*
cpe:2.3:a:wordpress:wordpress:3.4.0:*…
3.5.0 2024-11-21 10:47
2013-07-9
210 -
6.4
MEDIUM The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, relat… NVD-CWE-Other
CVE-2013-0235 cpe:2.3:a:wordpress:wordpress:3.4.2:*
cpe:2.3:a:wordpress:wordpress:3.4.1:*
cpe:2.3:a:wordpress:wordpress:3.4.0:*…
3.5.0 2024-11-21 10:47
2013-07-9