Software Detail
WordPress
Number Of NVD: 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL https://wordpress.org/
Explanation: WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and it offers a large number of additional features and good-looking themes.
It may be the most widely used Content Management System (CMS) in the world.

Many plugins are available, and with enough knowledge you can build a site suitable for commercial use.
However, some vulnerabilities are caused by plugins, so you need to select the plugins you use carefully.

Security updates are not made for versions other than the latest, so it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Because so many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • PHP
  • Open source
  • GPL v2

Additional Information URLs
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
221 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
222 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
223 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
224 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
225 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
226 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
227 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
228 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
229 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
230 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
231 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
232 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
233 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
234 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
235 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
236 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
237 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
238 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
239 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
240 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
241 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
242 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
243 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
244 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
245 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
246 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
247 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
248 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
249 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
250 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
251 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
252 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
253 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
254 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
255 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
256 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
257 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
258 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
259 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
260 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
261 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
262 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
263 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
264 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
265 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
266 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
267 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
268 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
269 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
221 -
6.8
MEDIUM Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CWE-352
 Origin Validation Error
CVE-2012-3384 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.3:*
cpe:2.3:a:wordpress:wordpress:3.3.2:*
3.4.0 2024-11-21 10:40
2012-07-23
222 -
2.6
LOW The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3383 cpe:2.3:a:wordpress:wordpress:3.4.0:* 2024-11-21 10:40
2012-07-23
223 -
5.0
MEDIUM The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a deni… CWE-20
 Improper Input Validation 
CVE-2011-4957 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:3.0.6:*
cpe:2.3:a:wordpress:wordpress:3.0.5:*
3.1 2024-11-21 10:33
2012-06-28
224 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting
CVE-2011-4956 cpe:2.3:a:wordpress:wordpress:3.0:*
cpe:2.3:a:wordpress:wordpress:3.0.6:*
cpe:2.3:a:wordpress:wordpress:3.0.5:*
3.1 2024-11-21 10:33
2012-06-28
225 -
6.8
MEDIUM The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attack… CWE-352
 Origin Validation Error
CVE-2012-1936 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.2:beta1
cpe:2.3:a:wordpress:wordpress:3.2.1:*…
3.3.1 2024-11-21 10:38
2012-05-4
226 -
4.3
MEDIUM wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. CWE-79
Cross-site Scripting
CVE-2012-2404 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.1:*
cpe:2.3:a:wordpress:wordpress:3.1.3:*
3.3.1 2024-11-21 10:39
2012-04-22
227 -
4.3
MEDIUM wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via… CWE-79
Cross-site Scripting
CVE-2012-2403 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.1:*
cpe:2.3:a:wordpress:wordpress:3.1.3:*
3.3.1 2024-11-21 10:39
2012-04-22
228 -
5.5
MEDIUM wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2402 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.1:*
cpe:2.3:a:wordpress:wordpress:3.1.3:*
3.3.1 2024-11-21 10:39
2012-04-22
229 -
5.0
MEDIUM Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2401 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.1:*
cpe:2.3:a:wordpress:wordpress:3.1.3:*
3.3.1 2024-11-21 10:39
2012-04-22
230 -
10.0
HIGH Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. NVD-CWE-noinfo
CVE-2012-2400 cpe:2.3:a:wordpress:wordpress:3.3:*
cpe:2.3:a:wordpress:wordpress:3.1:*
cpe:2.3:a:wordpress:wordpress:3.1.3:*
3.3.1 2024-11-21 10:39
2012-04-22