ThreatPress

WordPress Vulnerabilities Database

WordPress Core Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WordPress WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability 2017-12-01
WordPress WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries 2017-10-31
WordPress WordPress <=4.8.1 - SQL injection (SQLi) vulnerability 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (link modal) 2017-09-19
WordPress WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code) 2017-09-19
WordPress WordPress <=4.8.1 - Path traversal vulnerability (customizer) 2017-09-19
WordPress WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens) 2017-09-19
WordPress WordPress <=4.7.4 - Insufficient Redirect Validation vulnerability 2017-05-17
WordPress WordPress <=4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API 2017-05-16
WordPress WordPress <=4.7.4 - Host Header Injection in Password Reset 2017-05-03
WordPress WordPress <= 4.5.3 - Path traversal 2016-07-12
WordPress WordPress <= 4.5.2 - BYPASS #1 2016-06-23
WordPress WordPress <= 4.5.2 - BYPASS #2 2016-06-23
WordPress WordPress <= 4.5.2 - BYPASS #3 2016-06-23
WordPress WordPress <= 4.5.2 - Denial of Service Attacks 2016-06-23
WordPress WordPress <= 4.5.2 - Session Hijacking 2016-06-23