ThreatPress

WordPress Vulnerabilities Database

WordPress Core Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WordPress WordPress <= 5.0 - Authenticated File Delete vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability 2018-12-13
WordPress WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins 2018-12-13
WordPress WordPress <= 5.0 - User Activation Screen Search Engine Indexing 2018-12-13
WordPress WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability 2018-12-13
WordPress WordPress <=4.9.6 - Arbitrary Code Execution vulnerability 2018-06-27
WordPress WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter 2018-04-05
WordPress WordPress <=4.9.4 - Use Safe Redirect for Login 2018-04-05
WordPress WordPress <=4.9.4 - Escape Version in Generator Tag 2018-04-05
WordPress WordPress <=4.9.2 - Application Denial of Service (DoS) vulnerability 2018-02-05
WordPress WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability 2018-01-17
WordPress WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability 2017-12-01
WordPress WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping 2017-11-29
WordPress WordPress 4.3.0-4.9 - HTML Language Attribute Escaping 2017-11-29
WordPress WordPress 3.7-4.9 - newbloguser Key Bypass 2017-11-29
WordPress WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries 2017-10-31
WordPress WordPress <=4.8.1 - SQL injection (SQLi) vulnerability 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed) 2017-09-19