wordpress

Top products

The 15 most recently published vulnerabilities affecting wordpress.

• CVE-2020-37233WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting6.4May 16, 2026
• CVE-2023-54333Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter8.2Jan 13, 2026
• CVE-2025-58674WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability5.9Sep 23, 2025
• CVE-2025-58246WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability4.3Sep 23, 2025
• CVE-2025-54352WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.3.7Jul 21, 2025
• CVE-2022-4973WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function4.9Oct 16, 2024
• CVE-2024-8914Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting7.2Sep 24, 2024
• CVE-2024-4439WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This ...7.2May 3, 2024
• CVE-2024-31211Remote Code Execution in `WP_HTML_Token`5.5Apr 4, 2024
• CVE-2024-31210PHP file upload bypass via Plugin installer7.6Apr 4, 2024
• CVE-2023-5561WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure5.3Oct 16, 2023
• CVE-2023-39999WordPress < 6.3.2 is vulnerable to Broken Access Control4.3Oct 13, 2023
• CVE-2023-38000Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block6.5Oct 13, 2023
• CVE-2013-10027Blogger Importer Plugin blogger-importer.php restart cross-site request forgery4.3Jun 4, 2023
• CVE-2022-47174WordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF)4.3May 25, 2023