WordPress — Vulnerabilities & Security Advisories (32)

Browse all 32 CVE security advisories affecting WordPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WordPress operates as an open-source content management system powering a significant portion of the global web, primarily enabling users to create and manage websites without extensive coding knowledge. Its widespread adoption has made it a frequent target for attackers, resulting in thirty-two recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insecure plugin architectures or insufficient input validation. Security incidents frequently involve unauthorized administrative access or data exfiltration through exploited themes and extensions. While the core software undergoes rigorous review, the extensive ecosystem of third-party contributions introduces variability in security hygiene. Regular updates and strict adherence to security best practices are essential for mitigating risks associated with its complex, modular structure and high visibility in the digital landscape.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-54333 | Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter | Social-Share-Buttons | CWE-89 | 8.2 | High | 2026-01-13 |
| CVE-2025-58674 | WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability | WordPress | CWE-79 | 5.9 | Medium | 2025-09-23 |
| CVE-2025-58246 | WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability | WordPress | CWE-201 | 4.3 | Medium | 2025-09-23 |
| CVE-2025-54352 | WordPress Security Vulnerability | WordPress | CWE-669 | 3.7 | Low | 2025-07-21 |
| CVE-2024-31211 | Remote Code Execution in `WP_HTML_Token` | wordpress-develop | CWE-502 | 5.5 | Medium | 2024-04-04 |
| CVE-2024-31210 | PHP file upload bypass via Plugin installer | wordpress-develop | CWE-434 | 7.7 | High | 2024-04-04 |
| CVE-2023-5561 | WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure | WordPress | | 5.3 | - | 2023-10-16 |
| CVE-2022-3590 | WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding | WordPress | | 5.9 | - | 2022-12-14 |
| CVE-2022-21662 | Stored XSS in WordPress | wordpress-develop | CWE-79 | 8.0 | High | 2022-01-06 |
| CVE-2022-21663 | Authenticated Object Injection in Multisites in WordPress | wordpress-develop | CWE-74 | 6.6 | Medium | 2022-01-06 |
| CVE-2022-21664 | SQL injection in WordPress | wordpress-develop | CWE-89 | 7.4 | High | 2022-01-06 |
| CVE-2022-21661 | SQL injection in WordPress | wordpress-develop | CWE-89 | 8.0 | High | 2022-01-06 |
| CVE-2021-39203 | Private data disclosure/privilege escalation through the block editor in Wordpress | wordpress-develop | CWE-200 | 6.8 | Medium | 2021-09-09 |
| CVE-2021-39202 | WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget | wordpress-develop | CWE-79 | 7.6 | High | 2021-09-09 |
| CVE-2021-39201 | Authenticated cross-site scripting (XSS) in WordPress editor | wordpress-develop | CWE-79 | 7.6 | High | 2021-09-09 |
| CVE-2021-39200 | Information Disclosure in wp_die() via JSONP in wordpress | wordpress-develop | CWE-200 | 5.3 | Medium | 2021-09-09 |
| CVE-2021-29476 | Insecure Deserialization of untrusted data in rmccue/requests | Requests | CWE-502 | 9.8 | Critical | 2021-04-27 |
| CVE-2021-29450 | WordPress Authenticated disclosure of password-protected posts and pages | wordpress-develop | CWE-200 | 6.5 | Medium | 2021-04-15 |
| CVE-2021-29447 | WordPress Authenticated XXE attack when installation is running PHP 8 | wordpress-develop | CWE-611 | 7.1 | High | 2021-04-15 |
| CVE-2020-4047 | Authenticated XSS via media attachment page in WordPress | wordpress-develop | CWE-80 | 6.8 | Medium | 2020-06-12 |
| CVE-2020-4048 | Open redirect in wp_validate_redirect() in WordPress | wordpress-develop | CWE-601 | 5.7 | Medium | 2020-06-12 |
| CVE-2020-4049 | Authenticated self-XSS via theme uploads in WordPress | wordpress-develop | CWE-80 | 2.4 | Low | 2020-06-12 |
| CVE-2020-4050 | set-screen-option filter misuse by plugins leading to privilege escalation in WordPress | wordpress-develop | CWE-288 | 3.5 | Low | 2020-06-12 |
| CVE-2020-4046 | Authenticated XSS through embed block in WordPress | wordpress-develop | CWE-80 | 5.4 | Medium | 2020-06-12 |
| CVE-2020-11026 | Specially crafted filenames in WordPress leading to XSS | WordPress | CWE-707 | 8.7 | High | 2020-04-30 |
| CVE-2020-11028 | Unauthenticated disclosure of certain private posts in WordPress | WordPress | CWE-284 | 5.8 | Medium | 2020-04-30 |
| CVE-2020-11029 | Cross-site scripting in stats method (object cache) in WordPress | WordPress | CWE-79 | 5.8 | Medium | 2020-04-30 |
| CVE-2020-11030 | Cross-site scripting (XSS) in Search block in WordPress | WordPress | CWE-707 | 6.4 | Medium | 2020-04-30 |
| CVE-2020-11025 | Authenticated cross-site scripting (XSS) in WordPress Customizer | WordPress | CWE-79 | 5.8 | Medium | 2020-04-30 |
| CVE-2020-11027 | Password reset links invalidation issue in WordPress | WordPress | CWE-672 | 6.1 | Medium | 2020-04-30 |

This page lists every published CVE security advisory associated with WordPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.