Browse all 6 CVE security advisories affecting WordPress.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WordPress.org is an open-source content management system for creating and managing websites, and it powers over 40% of websites. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure plugins and themes. The platform maintains a security team that regularly releases patches, though its extensive plugin ecosystem remains a primary attack vector. In 2021, a critical flaw in a core component allowed unauthenticated attacks, affecting millions of sites. Despite these challenges, WordPress.org's transparency in vulnerability reporting and regular security updates help mitigate risks for its vast user base.
This page lists every published CVE security advisory associated with WordPress.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.