WordPress Core Vulnerabilities Please use the search to find what you're looking for Product Title Disclosure Date WordPress WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens) 2017-09-19 WordPress WordPress <=4.7.4 - Insufficient Redirect Validation vulnerability 2017-05-17 WordPress WordPress <=4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API 2017-05-16 WordPress WordPress <=4.7.4 - Host Header Injection in Password Reset 2017-05-03 WordPress WordPress <= 4.5.3 - Path traversal 2016-07-12 WordPress WordPress <= 4.5.2 - BYPASS #1 2016-06-23 WordPress WordPress <= 4.5.2 - BYPASS #2 2016-06-23 WordPress WordPress <= 4.5.2 - BYPASS #3 2016-06-23 WordPress WordPress <= 4.5.2 - Denial of Service Attacks 2016-06-23 WordPress WordPress <= 4.5.2 - Session Hijacking 2016-06-23 WordPress WordPress <= 4.5.2 - XSS #1 2016-06-23 WordPress WordPress <= 4.5.2 - XSS #2 2016-06-23 WordPress WordPress <= 4.5.2 - BYPASS #4 2016-06-23 WordPress WordPress <= 2.20.9 - XSS 2016-05-07 WordPress WordPress <= 4.5.1 - XSS 2016-05-07 WordPress WordPress <= 4.4 - Service Side Request Forgery 2016-04-15 WordPress WordPress <= 4.4.1 - XSS 2016-04-12 WordPress WordPress <= 4.4.1 - CSRF 2016-04-12 WordPress WordPress <= 4.2.1 - XSS 2016-03-25 WordPress WordPress <= 4.4.1 - SSRF 2016-02-05 1 2 3 4 5 ... 11 12 13