WordPress — Vulnerabilities & Security Advisories 32

Browse all 32 CVE security advisories affecting WordPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WordPress operates as an open-source content management system powering a significant portion of the global web, primarily enabling users to create and manage websites without extensive coding knowledge. Its widespread adoption has made it a frequent target for attackers, resulting in thirty-two recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insecure plugin architectures or insufficient input validation. Security incidents frequently involve unauthorized administrative access or data exfiltration through exploited themes and extensions. While the core software undergoes rigorous review, the extensive ecosystem of third-party contributions introduces variability in security hygiene. Regular updates and strict adherence to security best practices are essential for mitigating risks associated with its complex, modular structure and high visibility in the digital landscape.

Found 17 results / 32

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31211 | Remote Code Execution in `WP_HTML_Token` — wordpress-develop, CWE-502 | 5.5 | Medium | 2024-04-04 |
| CVE-2024-31210 | PHP file upload bypass via Plugin installer — wordpress-develop, CWE-434 | 7.7 | High | 2024-04-04 |
| CVE-2022-21662 | Stored XSS in WordPress — wordpress-develop, CWE-79 | 8.0 | High | 2022-01-06 |
| CVE-2022-21663 | Authenticated Object Injection in Multisites in WordPress — wordpress-develop, CWE-74 | 6.6 | Medium | 2022-01-06 |
| CVE-2022-21664 | SQL injection in WordPress — wordpress-develop, CWE-89 | 7.4 | High | 2022-01-06 |
| CVE-2022-21661 | SQL injection in WordPress — wordpress-develop, CWE-89 | 8.0 | High | 2022-01-06 |
| CVE-2021-39203 | Private data disclosure/privilege escalation through the block editor in Wordpress — wordpress-develop, CWE-200 | 6.8 | Medium | 2021-09-09 |
| CVE-2021-39202 | WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget — wordpress-develop, CWE-79 | 7.6 | High | 2021-09-09 |
| CVE-2021-39201 | Authenticated cross-site scripting (XSS) in WordPress editor — wordpress-develop, CWE-79 | 7.6 | High | 2021-09-09 |
| CVE-2021-39200 | Information Disclosure in wp_die() via JSONP in wordpress — wordpress-develop, CWE-200 | 5.3 | Medium | 2021-09-09 |
| CVE-2021-29450 | WordPress Authenticated disclosure of password-protected posts and pages — wordpress-develop, CWE-200 | 6.5 | Medium | 2021-04-15 |
| CVE-2021-29447 | WordPress Authenticated XXE attack when installation is running PHP 8 — wordpress-develop, CWE-611 | 7.1 | High | 2021-04-15 |
| CVE-2020-4047 | Authenticated XSS via media attachment page in WordPress — wordpress-develop, CWE-80 | 6.8 | Medium | 2020-06-12 |
| CVE-2020-4048 | Open redirect in wp_validate_redirect() in WordPress — wordpress-develop, CWE-601 | 5.7 | Medium | 2020-06-12 |
| CVE-2020-4049 | Authenticated self-XSS via theme uploads in WordPress — wordpress-develop, CWE-80 | 2.4 | Low | 2020-06-12 |
| CVE-2020-4050 | set-screen-option filter misuse by plugins leading to privilege escalation in WordPress — wordpress-develop, CWE-288 | 3.5 | Low | 2020-06-12 |
| CVE-2020-4046 | Authenticated XSS through embed block in WordPress — wordpress-develop, CWE-80 | 5.4 | Medium | 2020-06-12 |

This page lists every published CVE security advisory associated with WordPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.