Browse all 6 CVE security advisories affecting WordPress Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The WordPress Foundation maintains the open-source WordPress content management system, which powers over 40% of websites. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from plugin and theme insecurities. The platform's widespread adoption makes it a frequent target for automated attacks. While no single major incident stands out, its large attack surface consistently results in regular security advisories. The Foundation emphasizes transparency through coordinated vulnerability disclosure, though the sheer volume of third-party extensions creates persistent security challenges. With 6 current CVEs, ongoing vigilance remains critical for maintaining the platform's security posture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3906 | WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API — WordPress (CWE-862) | 4.3 | Medium | 2026-03-11 |
| CVE-2022-4973 | WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function — WordPress (CWE-79) | 4.9 | Medium | 2024-10-16 |
| CVE-2024-6307 | WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API — WordPress | 6.4 | Medium | 2024-06-25 |
| CVE-2024-4439 | WordPress Cross-Site Scripting Vulnerability — WordPress | 7.2 | High | 2024-05-03 |
| CVE-2023-5692 | WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink — WordPress (CWE-200) | 5.3 | Medium | 2024-04-05 |
| CVE-2023-2745 | WordPress Core < 6.2.1 - Directory Traversal — WordPress (CWE-22) | 5.4 | Medium | 2023-05-17 |
This page lists every published CVE security advisory associated with WordPress Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.