Wordpress-develop

This hub aggregates every CVE we track for Wordpress-develop, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wordpress-develop.

• CVE-2024-31211Remote Code Execution in `WP_HTML_Token`5.5Apr 4, 2024
• CVE-2024-31210PHP file upload bypass via Plugin installer7.6Apr 4, 2024
• CVE-2022-21662Stored XSS in WordPress8.0Jan 6, 2022
• CVE-2022-21663Authenticated Object Injection in Multisites in WordPress6.6Jan 6, 2022
• CVE-2022-21664SQL injection in WordPress7.4Jan 6, 2022
• CVE-2022-21661SQL injection in WordPress8.0Jan 6, 2022
• CVE-2021-39203Private data disclosure/privilege escalation through the block editor in Wordpress6.8Sep 9, 2021
• CVE-2021-39202WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget7.6Sep 9, 2021
• CVE-2021-39201Authenticated cross-site scripting (XSS) in WordPress editor7.6Sep 9, 2021
• CVE-2021-39200Information Disclosure in wp_die() via JSONP in wordpress5.3Sep 9, 2021
• CVE-2021-29450WordPress Authenticated disclosure of password-protected posts and pages6.5Apr 15, 2021
• CVE-2021-29447WordPress Authenticated XXE attack when installation is running PHP 87.1Apr 15, 2021
• CVE-2020-4047Authenticated XSS via media attachment page in WordPress6.8Jun 12, 2020
• CVE-2020-4048Open redirect in wp_validate_redirect() in WordPress5.7Jun 12, 2020
• CVE-2020-4049Authenticated self-XSS via theme uploads in WordPress2.4Jun 12, 2020