Showing 21-40 of 362 WordPress Core vulnerabilities

Title CVE ID CVSS Vector Date
WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 18, 2022
WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N October 18, 2022
WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N October 18, 2022
WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak) 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N October 18, 2022
WordPress Core < 6.0.3 - Open Redirect 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N October 18, 2022
WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2022
WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection CVE-2022-43497 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2022
WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 18, 2022
WordPress Core < 6.0.3 - Information Disclosure (Email Address) CVE-2022-43504 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 18, 2022
WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N October 18, 2022
WordPress Core < 6.0.3 - Stored Cross-Site Scripting via wp-mail.php CVE-2022-43504 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N October 18, 2022
WordPress Core - All known versions - Unauthenticated Blind Server Side Request Forgery CVE-2022-3590 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N September 6, 2022
WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 30, 2022
WordPress Core < 6.0.2 - Authenticated SQL Injection 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H August 30, 2022
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N August 30, 2022
WordPress Core < 5.9.1 - jQuery Prototype Pollution CVE-2021-20083 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 11, 2022
WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N March 11, 2022
WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 11, 2022
WordPress Core < 5.8.3 - SQL Injection via WP_Meta_Query CVE-2022-21664 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L January 6, 2022
WordPress Core < 5.8.3 - Super Admin Multi-Site Installation Object Injection CVE-2022-21663 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H January 6, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation