ThreatPress

WordPress Vulnerabilities Database

WordPress Core Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WordPress WordPress <=4.9.6 - Arbitrary Code Execution vulnerability 2018-06-27
WordPress WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter 2018-04-05
WordPress WordPress <=4.9.4 - Use Safe Redirect for Login 2018-04-05
WordPress WordPress <=4.9.4 - Escape Version in Generator Tag 2018-04-05
WordPress WordPress <=4.9.2 - Application Denial of Service (DoS) vulnerability 2018-02-05
WordPress WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability 2018-01-17
WordPress WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability 2017-12-01
WordPress WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping 2017-11-29
WordPress WordPress 4.3.0-4.9 - HTML Language Attribute Escaping 2017-11-29
WordPress WordPress 3.7-4.9 - newbloguser Key Bypass 2017-11-29
WordPress WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries 2017-10-31
WordPress WordPress <=4.8.1 - SQL injection (SQLi) vulnerability 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (link modal) 2017-09-19
WordPress WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code) 2017-09-19
WordPress WordPress <=4.8.1 - Path traversal vulnerability (customizer) 2017-09-19
WordPress WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens) 2017-09-19