Software Detail
WordPress
Number Of NVD: 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL: https://wordpress.org/
Explanation: WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and it offers a large number of additional features and good-looking themes.
It may be the most widely used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Security updates are made only for the latest version, and it is officially announced that older versions cannot be used safely.
In some cases, security issues are also fixed for older versions.
Because many plugins (additional functions) are available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • Open source

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
1 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
2 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
3 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
4 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
5 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
6 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
7 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
8 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
9 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
10 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
11 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
12 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
13 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
14 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
15 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
16 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
17 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
18 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
19 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
20 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
21 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
22 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
23 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
24 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
25 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
26 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
27 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
28 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
29 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
30 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
31 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
32 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
33 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
34 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
35 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
36 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
37 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
38 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
39 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
40 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
41 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
42 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
43 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
44 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
45 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
46 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
47 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
48 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
49 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher, or less, more than, less than) Update date Published date
No 1: CVSS3 5.4, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consist…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2022-4973
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.0.2
Update date: 2024-10-31 00:58
Published date: 2024-10-16

No 2: CVSS3 5.3, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on a…
CWE: NVD-CWE-noinfo
CVE: CVE-2023-5561
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.3, 6.2, 6.1, 6.0, 5.9, 5.8, 5.7, 5.6, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.9, 4.8, 4.7; 6.3.2, 6.2.3, 6.1.4, 6.0.6, 5.9.8, 5.8.8, 5.7.10, 5.6.12, 5.5.13, 5.4.14, 5.3.16, 5.2.19, 5.1.1…
Update date: 2024-11-21 17:42
Published date: 2023-10-17

No 3: CVSS3 4.3, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8…
CWE: -
CVE: CVE-2023-39999
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.2, 6.1, 6.0, 5.9, 6.3, 5.8, 5.7, 5.6, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.9, 4.8, 4.7; 6.2.2, 6.1.3, 6.0.5, 5.9.7, 5.8.7, 5.7.9, 5.6.11, 5.5.12, 5.4.13, 5.3.15, 5.2.18, 5.1.16, 5…; 6.3.2
Update date: 2024-11-21 17:16
Published date: 2023-10-13

No 4: CVSS3 5.4, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.…
CWE: -
CVE: CVE-2023-38000
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.3, 6.2, 6.1, 6.0, 5.9; 6.3.1, 6.2.2, 6.1.3, 6.0.5, 5.9.7
Update date: 2024-11-21 17:12
Published date: 2023-10-13

No 5: CVSS3 6.1, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation …
CWE: CWE-22 Path Traversal
CVE: CVE-2023-2745
cpe23Uri: cpe:2.3:a:wordpress:wordpress:6.2:*, cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8…; 4.1.38, 4.2.35, 4.3.31, 4.4.30, 4.5.29, 4.6.26, 4.7.26, 4.8.22, 4.9.23, 5.0.19, 5.1.16, 5.2.18
Update date: 2026-04-9 04:18
Published date: 2023-05-17

No 6: CVSS3 5.3, CVSS2 -, Level MEDIUM, Attack Vector Adjacent
Title: WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not rece…
CWE: NVD-CWE-Other
CVE: CVE-2023-22622
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.1.1
Update date: 2024-11-21 16:45
Published date: 2023-01-5

No 7: CVSS3 5.9, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hos…
CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CVE: CVE-2022-3590
cpe23Uri: cpe:2.3:a:wordpress:wordpress:4.1:-, cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 4.2; 6.1.1
Update date: 2024-11-21 16:19
Published date: 2022-12-14

No 8: CVSS3 5.3, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post …
CWE: CWE-287 Improper Authentication
CVE: CVE-2022-43504
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.0, 5.9, 5.8, 5.7, 5.6, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.9, 4.8, 4.7, 4.6, 4.5, 4.4; 6.0.3, 5.9.5, 5.8.6, 5.7.8, 5.6.10, 5.5.11, 5.4.12, 5.3.14, 5.2.17, 5.1.15, 5.0.18, 4.9.22, 4.8…
Update date: 2024-11-21 16:26
Published date: 2022-12-5

No 9: CVSS3 6.1, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for al…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2022-43500
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.0, 5.9, 5.8, 5.7, 5.6, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.9, 4.8, 4.7, 4.6, 4.5, 4.4; 6.0.3, 5.9.5, 5.8.6, 5.7.8, 5.6.10, 5.5.11, 5.4.12, 5.3.14, 5.2.17, 5.1.15, 5.0.18, 4.9.22, 4.8…
Update date: 2024-11-21 16:26
Published date: 2022-12-5

No 10: CVSS3 6.1, CVSS2 -, Level MEDIUM, Attack Vector Network
Title: Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for al…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2022-43497
cpe23Uri: cpe:2.3:a:wordpress:wordpress:*:*
Version bounds: 6.0, 5.9, 5.8, 5.7, 5.6, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.9, 4.8, 4.7, 4.6, 4.5, 4.4; 6.0.3, 5.9.5, 5.8.6, 5.7.8, 5.6.10, 5.5.11, 5.4.12, 5.3.14, 5.2.17, 5.1.15, 5.0.18, 4.9.22, 4.8…
Update date: 2024-11-21 16:26
Published date: 2022-12-5