
wordpress — Vulnerabilities & Security Advisories 27

All 27 CVE vulnerabilities found in wordpress, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of security vulnerabilities associated with the WordPress product, focusing on common weakness types and relevant security tags. It collects data on various vulnerability classifications, including cross-site scripting, SQL injection, and privilege escalation flaws, covering reports disclosed from 2009 to the present. Users can leverage this resource to track vendor advisories from the official WordPress security team, gain a deeper understanding of specific weakness classes impacting the platform, and look up a product’s vulnerability history to assess long-term risk trends. The content is structured to help developers, security researchers, and system administrators identify recurring patterns in code quality and configuration errors within the WordPress ecosystem. By reviewing these aggregated entries, readers can better understand how specific versions have been patched over time and what types of attack vectors have historically affected the software. This historical perspective is crucial for maintaining secure deployments and prioritizing updates based on the severity and exploitability of reported issues. The database includes details on impact, detection methods, and remediation steps where available, ensuring that professionals have the necessary context to make informed decisions. Whether you are auditing an existing installation or evaluating the security posture of a future upgrade, this page serves as a centralized reference for all known defects. The information presented is derived from official advisories, community reports, and automated scans, providing a holistic view of the security landscape surrounding the WordPress content management system.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3906 | WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API | CWE-862 | 4.3 | Medium | 2026-03-11 |
| CVE-2025-58674 | WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability | CWE-79 | 5.9 | Medium | 2025-09-23 |
| CVE-2025-58246 | WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability | CWE-201 | 4.3 | Medium | 2025-09-23 |
| CVE-2025-54352 | WordPress Security Vulnerability | CWE-669 | 3.7 | Low | 2025-07-21 |
| CVE-2022-4973 | WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function | CWE-79 | 4.9 | Medium | 2024-10-16 |
| CVE-2024-32111 | WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability | CWE-22 | 5.0 | Medium | 2024-06-25 |
| CVE-2024-31111 | WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 6.5 | Medium | 2024-06-25 |
| CVE-2024-6307 | WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API | | 6.4 | Medium | 2024-06-25 |
| CVE-2024-4439 | WordPress Cross-Site Scripting Vulnerability | | 7.2 | High | 2024-05-03 |
| CVE-2023-5692 | WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink | CWE-200 | 5.3 | Medium | 2024-04-05 |
| CVE-2023-5561 | WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure | | 5.3 | - | 2023-10-16 |
| CVE-2023-39999 | WordPress < 6.3.2 is vulnerable to Broken Access Control | CWE-200 | 4.3 | Medium | 2023-10-13 |
| CVE-2023-38000 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block | CWE-79 | 6.5 | Medium | 2023-10-13 |
| CVE-2023-2745 | WordPress Core < 6.2.1 - Directory Traversal | CWE-22 | 5.4 | Medium | 2023-05-17 |
| CVE-2022-3590 | WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding | | 5.9 | - | 2022-12-14 |
| CVE-2022-43504 | WordPress Authorization Issue Vulnerability | | 5.3 | - | 2022-12-05 |
| CVE-2022-43500 | WordPress Cross-Site Scripting Vulnerability | | 6.1 | - | 2022-12-05 |
| CVE-2022-43497 | WordPress Cross-Site Scripting Vulnerability | | 6.1 | - | 2022-12-05 |
| CVE-2011-1762 | WordPress Security Vulnerability | CWE-284 | 6.5 | - | 2022-04-18 |
| CVE-2020-11026 | Specially crafted filenames in WordPress leading to XSS | CWE-707 | 8.7 | High | 2020-04-30 |
| CVE-2020-11028 | Unauthenticated disclosure of certain private posts in WordPress | CWE-284 | 5.8 | Medium | 2020-04-30 |
| CVE-2020-11029 | Cross-site scripting in stats method (object cache) in WordPress | CWE-79 | 5.8 | Medium | 2020-04-30 |
| CVE-2020-11030 | Cross-site scripting (XSS) in Search block in WordPress | CWE-707 | 6.4 | Medium | 2020-04-30 |
| CVE-2020-11025 | Authenticated cross-site scripting (XSS) in WordPress Customizer | CWE-79 | 5.8 | Medium | 2020-04-30 |
| CVE-2020-11027 | Password reset links invalidation issue in WordPress | CWE-672 | 6.1 | Medium | 2020-04-30 |
| CVE-2019-16781 | Stored cross-site scripting (XSS) in WordPress block editor | CWE-79 | 5.8 | Medium | 2019-12-26 |
| CVE-2019-16780 | Stored cross-site scripting (XSS) in WordPress block editor | CWE-79 | 5.8 | Medium | 2019-12-26 |

All 27 known CVE vulnerabilities affecting wordpress with full Chinese analysis, references, and POCs where available.