Browse all 6 CVE security advisories affecting WordPress.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WordPress.org powers over 40% of websites as an open-source content management system enabling website creation and management. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from plugin and theme insecurities. The platform maintains a security team that regularly releases patches, though its extensive plugin ecosystem remains a primary attack vector. In 2021, a critical flaw in a core component allowed unauthenticated attacks, affecting millions of sites. Despite these challenges, WordPress.org's transparency in vulnerability reporting and regular security updates help mitigate risks for its vast user base.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64253 | WordPress Health Check & Troubleshooting plugin <= 1.7.1 - Path Traversal vulnerability — Health Check & TroubleshootingCWE-35 | 4.9 | Medium | 2025-12-16 |
This page lists every published CVE security advisory associated with WordPress.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.