WordPress Core Vulnerabilities

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Database > WordPress Core

Showing 61-80 of 358 WordPress Core vulnerabilities

WordPress Core < 5.4.2 - Comment Disclosure

5.3

CVE-2020-25286

Jun 10, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2020-4046

Jun 10, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting

6.8

CVE-2020-4047

Jun 10, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

WordPress Core < 5.4.1 - Private Post Disclosure

5.8

CVE-2020-11028

Apr 29, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

WordPress Core < 5.4.1 - Authenticated Cross-Site Scripting via Customizer

5.8

CVE-2020-11025

Apr 29, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

WordPress Core < 5.4.1 - Reflected Cross Site Scripting

5.8

CVE-2020-11029

Apr 29, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

WordPress Core < 5.4.1 - Password Reset Link Non-Expiration

6.1

CVE-2020-11027

Apr 29, 2020

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

WordPress Core < 5.4.1 - Cross-Site Scripting in the Block Editor

6.4

CVE-2020-11030

Apr 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.4.1 - Authenticated (Author+) Cross-Site Scripting via File Uploads

6.4

CVE-2020-11026

Apr 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2019-20042

Dec 13, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.3.1 - Stored Cross-Site Scripting via Block Editor

5.8

CVE-2019-16780

Dec 13, 2019

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting

5.8

CVE-2019-16781

Dec 13, 2019

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2019-20041

Dec 13, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.3.1 - Authorization Bypass

4.3

CVE-2019-20043

Dec 1, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WordPress Core < 5.2.4 - Type Confusion

5.5

CVE-2019-17675

Oct 14, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

WordPress Core < 5.2.4 - Authorization Bypass

5.3

CVE-2019-17671

Oct 14, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting via Customizer

5.5

CVE-2019-17674

Oct 14, 2019

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.2.4 - Cache Poisoning

7.3

CVE-2019-17673

Oct 14, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

WordPress Core < 5.2.4 - Server Side Request Forgery #2

5.4

CVE-2019-17670

Oct 14, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

WordPress Core < 5.2.4 - Server Side Request Forgery

5.4

CVE-2019-17669

Oct 14, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WordPress Core < 5.4.2 - Comment Disclosure	CVE-2020-25286	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 10, 2020
WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting	CVE-2020-4046	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 10, 2020
WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting	CVE-2020-4047	6.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N	June 10, 2020
WordPress Core < 5.4.1 - Private Post Disclosure	CVE-2020-11028	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	April 29, 2020
WordPress Core < 5.4.1 - Authenticated Cross-Site Scripting via Customizer	CVE-2020-11025	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	April 29, 2020
WordPress Core < 5.4.1 - Reflected Cross Site Scripting	CVE-2020-11029	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	April 29, 2020
WordPress Core < 5.4.1 - Password Reset Link Non-Expiration	CVE-2020-11027	6.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N	April 29, 2020
WordPress Core < 5.4.1 - Cross-Site Scripting in the Block Editor	CVE-2020-11030	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 29, 2020
WordPress Core < 5.4.1 - Authenticated (Author+) Cross-Site Scripting via File Uploads	CVE-2020-11026	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 29, 2020
WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting	CVE-2019-20042	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 13, 2019
WordPress Core < 5.3.1 - Stored Cross-Site Scripting via Block Editor	CVE-2019-16780	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	December 13, 2019
WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting	CVE-2019-16781	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	December 13, 2019
WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting	CVE-2019-20041	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 13, 2019
WordPress Core < 5.3.1 - Authorization Bypass	CVE-2019-20043	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 1, 2019
WordPress Core < 5.2.4 - Type Confusion	CVE-2019-17675	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L	October 14, 2019
WordPress Core < 5.2.4 - Authorization Bypass	CVE-2019-17671	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 14, 2019
WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting via Customizer	CVE-2019-17674	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 14, 2019
WordPress Core < 5.2.4 - Cache Poisoning	CVE-2019-17673	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	October 14, 2019
WordPress Core < 5.2.4 - Server Side Request Forgery #2	CVE-2019-17670	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 14, 2019
WordPress Core < 5.2.4 - Server Side Request Forgery	CVE-2019-17669	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 14, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation