
WordPress — Vulnerabilities & Security Advisories (32)

Browse all 32 CVE security advisories affecting WordPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WordPress is an open-source content management system that powers a significant portion of the global web, letting users create and manage websites without extensive coding knowledge. Its widespread adoption makes it a frequent target for attackers; this index records thirty-two Common Vulnerabilities and Exposures (CVEs) associated with it. Historically, the platform has been affected by remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insecure plugin architectures or insufficient input validation. Security incidents frequently involve unauthorized administrative access or data exfiltration through exploited themes and extensions. While the core software undergoes rigorous review, the large ecosystem of third-party contributions introduces variability in security hygiene. Regular updates and strict adherence to security best practices are essential for mitigating the risks that come with its modular structure and high visibility.

High · 2026-05-02
  Simple Link Directory – WordPress plugin | WordPress.org

Medium · 2026-04-28
  Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed

Low · 2026-04-23
  Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action

High · CVE-2026-2717 · 2026-04-23
  HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_pa

Medium · CVE-2024-2483 · 2026-04-19
  Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scri

Unknown · 2026-04-11
  Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal

Critical · CVE-2025-6586 · 2026-04-09
  GitHub - d0n601/CVE-2025-6586: Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload · GitHub

Critical · CVE-2024-4378 · 2026-04-04
  CVE-2026-26058: Protect again path traversal when importing uploads. · zulip/zulip@2df49e7 · GitHub

High · 2026-04-04
  Fix plugin upload temp path traversal by melohagan · Pull Request #18240 · Budibase/budibase · GitHub

Critical · 2026-04-03
  Fix SSRF + Information Disclosure via stylesheet links to a local net… · roundcube/roundcubemail@27ec6cc · GitHub

Critical · CVE-2024-4666 · 2026-04-03
  Merge commit from fork · vshakitskiy/ewe@ce4ff21 · GitHub

Critical · 2026-04-03
  fix: require `--trust` for `_external_data` paths outside subproject … · copier-org/copier@5413062 · GitHub

Low · 2026-04-02
  Cross Site Scripting (XSS) in WordPress MSTW League Manager Plugin - Patchstack

High · 2026-04-02
  [winpr,sspi] Fix context nullptr handling · FreeRDP/FreeRDP@8078b8a · GitHub

High · 2026-04-02
  Stored Cross-Site Scripting via crafted EPUB file · Advisory · filebrowser/filebrowser · GitHub

Unknown · CVE-2024-38876 · 2026-04-02
  Add TrustHosts middleware · freescout-help-desk/freescout@889d75c · GitHub

Medium · CVE-2018-10268 · 2026-04-02
  Improve external data file handling - onnx.load (#7717) · onnx/onnx@4755f80 · GitHub

High · 2026-04-02
  [openssl] Don't set openssldir to a potentially-world-writable locati… · microsoft/vcpkg@5111afd · GitHub

High · 2026-04-02
  fix: Shared PDF authentication bypass (CVE-2026-34376) · mrmn2/PdfDing@ae579ea · GitHub

High · 2026-04-02
  Security_Note/Vulnerability_Discovery/yudaoCloudv2026.01.md at main · NarcherAlter/Security_Note · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with WordPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.