Software Detail
WordPress
Number of NVD vulnerabilities: 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL https://wordpress.org/
Explanation WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and it offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and with enough knowledge you can build a site suitable for commercial use.
However, because some vulnerabilities are caused by plugins, you need to select the plugins you use carefully.

Security updates are not made for versions other than the latest, and it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Because many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • Open source

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
261 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
262 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
263 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
264 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
265 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
266 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
267 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
268 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
269 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
270 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
271 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
272 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
273 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
274 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
275 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
276 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
277 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
278 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
279 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
280 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
281 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
282 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
283 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
284 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
285 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
286 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
287 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
288 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
289 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
290 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
291 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
292 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
293 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
294 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
295 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
296 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
297 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
298 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
299 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
300 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
301 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
302 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
303 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
304 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
305 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
306 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
307 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
308 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
309 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
261 -
4.9
MEDIUM wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a config… CWE-287
Improper Authentication
CVE-2009-2334 cpe:2.3:a:wordpress:wordpress:2.6:*
cpe:2.3:a:wordpress:wordpress:2.6.5:*
cpe:2.3:a:wordpress:wordpress:2.6.3:*
2.7.1 2026-04-23 09:35
2009-07-11
262 -
10.0
HIGH wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request. NVD-CWE-noinfo
CVE-2008-6767 cpe:2.3:a:wordpress:wordpress:2.6:* 2026-04-23 09:35
2009-04-29
263 -
4.3
MEDIUM Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto… CWE-59
Link Following
CVE-2008-6762 cpe:2.3:a:wordpress:wordpress:2.6:* 2026-04-23 09:35
2009-04-29
264 -
8.5
HIGH wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_option… CWE-20
Improper Input Validation
CVE-2008-5695 cpe:2.3:a:wordpress:wordpress:*:* 2.3.2 2026-04-23 09:35
2008-12-20
265 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web scrip… CWE-79
Cross-site Scripting
CVE-2008-5278 cpe:2.3:a:wordpress:wordpress:2.6:*
cpe:2.3:a:wordpress:wordpress:2.6.1:*
cpe:2.3:a:wordpress:wordpress:2.5:*
2.6.3 2026-04-23 09:35
2008-11-29
266 -
4.0
MEDIUM WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF)… CWE-352
Origin Validation Error
CVE-2008-5113 cpe:2.3:a:wordpress:wordpress:2.6.3:* 2026-04-23 09:35
2008-11-18
267 -
10.0
HIGH The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other p… CWE-78
OS Command 
CVE-2008-4796 cpe:2.3:a:wordpress:wordpress:*:* 2.6.3 2026-04-23 09:35
2008-10-31
268 -
9.3
HIGH Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbit… CWE-22
Path Traversal
CVE-2008-4769 cpe:2.3:a:wordpress:wordpress:2.5:*
cpe:2.3:a:wordpress:wordpress:2.3:*
cpe:2.3:a:wordpress:wordpress:2.3.2:*
2.3.3 2026-04-23 09:35
2008-10-28
269 -
5.1
MEDIUM WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space ch… CWE-20
Improper Input Validation
CVE-2008-4106 cpe:2.3:a:wordpress:wordpress:2.6:*
cpe:2.3:a:wordpress:wordpress:2.5:*
cpe:2.3:a:wordpress:wordpress:2.5.1:*
2.6.1 2026-04-23 09:35
2008-09-19
270 -
7.5
HIGH The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might al… CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-3747 cpe:2.3:a:wordpress:wordpress:2.6:*
cpe:2.3:a:wordpress:wordpress:2.5:*
cpe:2.3:a:wordpress:wordpress:2.5.1:*
2026-04-23 09:35
2008-08-28