Wordfence Intelligence   >   Vulnerability Database   >   WordPress Core

Showing 101-120 of 359 WordPress Core vulnerabilities

WordPress Core <= 2.5.1 - Arbitrary File Upload
7.2
CVE-2008-2392
Apr 25, 2008
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WordPress Core <= 2.0.9 - Cross-Site Scripting
7.2
CVE-2008-0192
Apr 3, 2007
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WordPress Core < 2.09 - Cross-Site Scripting
7.2
CVE-2007-1049
Feb 21, 2007
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WordPress Core <= 2.0.1 - Cross-Site Scripting
7.2
CVE-2006-0985
Mar 10, 2006
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WordPress Core <= 1.5.2 - SQL Injection
7.2
CVE-2006-1012
Dec 31, 2005
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WordPress Core <= 1.5.1.2 - Cross-Site Scripting
7.2
CVE-2005-2107
Jun 29, 2005
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WordPress Core < 5.7.1 - XXE Injection
7.1
CVE-2021-29447
Apr 15, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
WordPress Core < 3.1.3 - Clickjacking
7.1
CVE-2011-3127
May 25, 2011
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
WordPress Core 5.8 beta - Block Editor Authorization Bypass
6.8
CVE-2021-39203
Sep 9, 2021
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting
6.8
CVE-2020-4047
Jun 10, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
WordPress Core < 5.8.3 - Super Admin Multi-Site Installation Object Injection
6.6
CVE-2022-21663
Jan 6, 2022
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload
6.6
CVE-2018-14028
Aug 4, 2018
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content
6.5
CVE ID Unknown
May 19, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
WordPress Core < 6.2.2 - Shortcode Execution in User Generated Content
6.5
CVE ID Unknown
May 19, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
WordPress Core < 5.7.1 - Sensitive Information Disclosure
6.5
CVE-2021-29450
Apr 15, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion
6.5
CVE-2019-8943
Feb 19, 2019
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access
6.5
CVE-2016-7169
Sep 7, 2016
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WordPress Core <= 4.5.3 - Denial of Service
6.5
CVE-2016-6896
Aug 22, 2016
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
WordPress Core < 4.2.3 - Authorization Bypass
6.5
CVE-2015-5623
Jul 23, 2015
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
WordPress Core < 3.9.2 - Denial of Service via XML #2
6.5
CVE-2014-5266
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Title CVE ID CVSS Vector Date
WordPress Core <= 2.5.1 - Arbitrary File Upload CVE-2008-2392 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 25, 2008
WordPress Core <= 2.0.9 - Cross-Site Scripting CVE-2008-0192 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 3, 2007
WordPress Core < 2.09 - Cross-Site Scripting CVE-2007-1049 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 21, 2007
WordPress Core <= 2.0.1 - Cross-Site Scripting CVE-2006-0985 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 10, 2006
WordPress Core <= 1.5.2 - SQL Injection CVE-2006-1012 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N December 31, 2005
WordPress Core <= 1.5.1.2 - Cross-Site Scripting CVE-2005-2107 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N June 29, 2005
WordPress Core < 5.7.1 - XXE Injection CVE-2021-29447 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N April 15, 2021
WordPress Core < 3.1.3 - Clickjacking CVE-2011-3127 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L May 25, 2011
WordPress Core 5.8 beta - Block Editor Authorization Bypass CVE-2021-39203 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N September 9, 2021
WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting CVE-2020-4047 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N June 10, 2020
WordPress Core < 5.8.3 - Super Admin Multi-Site Installation Object Injection CVE-2022-21663 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H January 6, 2022
WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload CVE-2018-14028 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H August 4, 2018
WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N May 19, 2023
WordPress Core < 6.2.2 - Shortcode Execution in User Generated Content 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N May 19, 2023
WordPress Core < 5.7.1 - Sensitive Information Disclosure CVE-2021-29450 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N April 15, 2021
WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion CVE-2019-8943 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N February 19, 2019
WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access CVE-2016-7169 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N September 7, 2016
WordPress Core <= 4.5.3 - Denial of Service CVE-2016-6896 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H August 22, 2016
WordPress Core < 4.2.3 - Authorization Bypass CVE-2015-5623 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N July 23, 2015
WordPress Core < 3.9.2 - Denial of Service via XML #2 CVE-2014-5266 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H August 6, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation