WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability in Comment editing |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Senderâs Email Address Exposure vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API |
Fixed in: 5.0.18 |
Details |
WordPress core <= 6.0.2 - Open redirect vulnerability |
Fixed in: 5.0.18 |
Details |
WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.17 |
Details |
WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.17 |
Details |
WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API |
Fixed in: 5.0.17 |
Details |
WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.9.2 |
Details |
WordPress <= 5.8.2 - Authenticated Object Injection in Multisites |
Fixed in: 5.0.15 |
Details |
WordPress <= 5.8.2 - SQL Injection (SQLi) vulnerability |
Fixed in: 5.0.15 |
Details |
WordPress <= 5.8.2 - SQL Injection (SQLi) vulnerability |
Fixed in: 5.0.15 |
Details |
WordPress <= 5.8.2 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.15 |
Details |
WordPress < 5.8 - Plugin Confusion vulnerability |
Fixed in: 5.8 |
Details |
WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue |
Fixed in: 5.2.13 |
Details |
WordPress core <= 5.8 - Command injection vulnerability in the Lodash library |
Fixed in: 5.0.14 |
Details |
WordPress core <= 5.8 - Data Exposure via REST API vulnerability |
Fixed in: 5.0.14 |
Details |
WordPress core <= 5.8 - Authenticated Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.14 |
Details |
WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability |
Fixed in: 5.0.13 |
Details |
WordPress core 4.7-5.7 - Sensitive Data Exposure vulnerability |
Fixed in: 5.0.12 |
Details |
WordPress core 4.7-5.7 - XML External Entity (XXE) vulnerability |
Fixed in: 5.0.12 |
Details |
WordPress <= 5.5.1 - Mishandled deserialization requests vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - Cross-Site Scripting (XSS) via Global Variables vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - Unauthenticated Denial-of-Service (DoS) Attack to Remote Code Execution (RCE) vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - Stored Cross-Site Scripting (XSS) in Post Slugs vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.5.1 - Cross-Site Request Forgery (CSRF) vulnerability |
Fixed in: 5.0.11 |
Details |
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability |
Fixed in: 5.0.8 |
Details |
WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.8 |
Details |
WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning) |
Fixed in: 5.0.7 |
Details |
WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.6 |
Details |
WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.5 |
Details |
WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution vulnerability |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - User Activation Screen Search Engine Indexing |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability |
Fixed in: 5.0.1 |
Details |
WordPress <= 5.0 - Authenticated File Delete vulnerability |
Fixed in: 5.0.1 |
Details |
WordPress core <= 6.2 - Insufficient Sanitization of Block Attributes vulnerabilities |
Fixed in: 4.9.23 |
Details |
WordPress core <= 6.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
Fixed in: 4.9.23 |
Details |
WordPress core <= 6.2 - Unauth. Shortcode Execution vulnerability |
Fixed in: 4.9.23 |
Details |
WordPress core <= 6.2 - Unauth. Directory Traversal vulnerability |
Fixed in: 4.9.23 |
Details |
WordPress core <= 6.2 - Cross-Site Request Forgery vulnerability |
Fixed in: 4.9.23 |
Details |