Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • オープンソース
Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
251 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
252 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
253 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
254 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
255 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
256 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
257 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
258 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
259 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
260 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
261 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
262 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
263 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
264 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
265 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
266 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
267 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
268 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
269 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
270 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
271 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
272 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
273 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
274 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
275 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
276 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
277 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
278 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
279 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
280 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
281 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
282 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
283 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
284 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
285 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
286 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
287 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
288 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
289 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
290 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
291 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
292 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
293 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
294 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
295 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
296 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
297 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
298 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
299 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
251 -
6.0 		MEDIUM Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP… CWE-94
Code Injection 		CVE-2009-3890 cpe:2.3:a:wordpress:wordpress:*:* 2.8.5 2026-04-23 09:35
2009-11-18 		Show GitHub Exploit DB Packet Storm
252 -
4.3 		MEDIUM Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in… CWE-310
Cryptographic Issues 		CVE-2009-3622 cpe:2.3:a:wordpress:wordpress:*:* 2.8.4 2026-04-23 09:35
2009-10-24 		Show GitHub Exploit DB Packet Storm
253 -
6.4 		MEDIUM Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-p… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2009-2854 cpe:2.3:a:wordpress:wordpress:*:* 2.8.2 2026-04-23 09:35
2009-08-19 		Show GitHub Exploit DB Packet Storm
254 -
10.0 		HIGH Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2009-2853 cpe:2.3:a:wordpress:wordpress:2.8:*
cpe:2.3:a:wordpress:wordpress:2.8.2:*
cpe:2.3:a:wordpress:wordpress:2.8.1:* 		2026-04-23 09:35
2009-08-19 		Show GitHub Exploit DB Packet Storm
255 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL. CWE-79
Cross-site Scripting 		CVE-2009-2851 cpe:2.3:a:wordpress:wordpress:*:* 2.8.1 2026-04-23 09:35
2009-08-19 		Show GitHub Exploit DB Packet Storm
256 -
7.5 		HIGH wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass… CWE-255
Credentials Management 		CVE-2009-2762 cpe:2.3:a:wordpress:wordpress:*:* 2.8.3 2026-04-23 09:35
2009-08-14 		Show GitHub Exploit DB Packet Storm
257 -
5.0 		MEDIUM WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message. CWE-264
Permissions, Privileges, and Access Controls 		CVE-2009-2432 cpe:2.3:a:wordpress:wordpress:2.6:*
cpe:2.3:a:wordpress:wordpress:2.6.5:*
cpe:2.3:a:wordpress:wordpress:2.6.3:* 		2.7.1 2026-04-23 09:35
2009-07-11 		Show GitHub Exploit DB Packet Storm
258 -
5.0 		MEDIUM WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source. CWE-20
 Improper Input Validation  		CVE-2009-2431 cpe:2.3:a:wordpress:wordpress:2.7.1:* 2026-04-23 09:35
2009-07-11 		Show GitHub Exploit DB Packet Storm
259 -
5.0 		MEDIUM The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers … CWE-16
Configuration 		CVE-2009-2336 cpe:2.3:a:wordpress:wordpress:*:* 2.8.1 2026-04-23 09:35
2009-07-11 		Show GitHub Exploit DB Packet Storm
260 -
5.0 		MEDIUM WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.… CWE-16
Configuration 		CVE-2009-2335 cpe:2.3:a:wordpress:wordpress:*:* 2.8.1 2026-04-23 09:35
2009-07-11 		Show GitHub Exploit DB Packet Storm