Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • オープンソース
  • GPL v2
  • PHP
Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
211 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
212 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
213 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
214 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
215 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
216 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
217 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
218 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
219 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
220 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
221 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
222 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
223 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
224 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
225 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
226 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
227 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
228 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
229 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
230 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
231 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
232 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
233 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
234 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
235 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
236 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
237 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
238 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
239 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
240 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
241 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
242 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
243 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
244 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
245 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
246 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
247 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
248 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
249 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
250 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
251 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
252 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
253 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
254 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
255 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
256 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
257 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
258 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
259 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
211 -
4.3 		MEDIUM wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-post… CWE-310
Cryptographic Issues 		CVE-2013-2173 cpe:2.3:a:wordpress:wordpress:3.5.1:* 2024-11-21 10:51
2013-06-21 		Show GitHub Exploit DB Packet Storm
212 -
2.6 		LOW Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. CWE-79
Cross-site Scripting 		CVE-2012-6527 cpe:2.3:a:wordpress:wordpress:-:* 2024-11-21 10:46
2013-01-31 		Show GitHub Exploit DB Packet Storm
213 -
2.6 		LOW WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-… CWE-200
Information Exposure 		CVE-2012-5868 cpe:2.3:a:wordpress:wordpress:3.4.2:* 2024-11-21 10:45
2012-12-27 		Show GitHub Exploit DB Packet Storm
214 -
7.5 		HIGH SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some … CWE-89
SQL Injection 		CVE-2011-5216 cpe:2.3:a:wordpress:wordpress:-:* 2024-11-21 10:33
2012-10-26 		Show GitHub Exploit DB Packet Storm
215 -
6.8 		MEDIUM Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via… CWE-352
 Origin Validation Error 		CVE-2012-4448 cpe:2.3:a:wordpress:wordpress:3.4.2:* 2024-11-21 10:42
2012-09-29 		Show GitHub Exploit DB Packet Storm
216 -
3.5 		LOW wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-4422 cpe:2.3:a:wordpress:wordpress:3.4.0:*
cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.3:* 		3.4.1 2024-11-21 10:42
2012-09-15 		Show GitHub Exploit DB Packet Storm
217 -
4.0 		MEDIUM The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restr… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-4421 cpe:2.3:a:wordpress:wordpress:3.4.0:*
cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.3:* 		3.4.1 2024-11-21 10:42
2012-09-15 		Show GitHub Exploit DB Packet Storm
218 -
6.5 		MEDIUM The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, a… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2010-5106 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:3.0.1:*
cpe:2.3:a:wordpress:wordpress:2.9:*
 3.0.2 2024-11-21 10:22
2012-09-15 		Show GitHub Exploit DB Packet Storm
219 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject … CWE-79
Cross-site Scripting 		CVE-2012-4271 cpe:2.3:a:wordpress:wordpress:-:* 2024-11-21 10:42
2012-08-14 		Show GitHub Exploit DB Packet Storm
220 -
5.0 		MEDIUM WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vecto… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-3385 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.2:* 		3.4.0 2024-11-21 10:40
2012-07-23 		Show GitHub Exploit DB Packet Storm