Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • オープンソース
Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
281 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
282 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
283 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
284 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
285 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
286 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
287 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
288 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
289 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
290 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
291 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
292 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
293 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
294 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
295 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
296 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
297 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
298 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
299 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
300 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
301 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
302 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
303 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
304 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
305 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
306 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
307 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
308 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
309 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
310 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
311 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
312 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
313 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
314 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
315 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
316 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
317 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
318 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
319 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
320 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
321 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
322 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
323 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
324 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
325 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
326 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
327 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
328 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
329 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
281 -
7.5 		HIGH Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (d… CWE-22
Path Traversal 		CVE-2008-0194 cpe:2.3:a:wordpress:wordpress:*:* 2.0.3 2026-04-23 09:35
2008-01-10 		Show GitHub Exploit DB Packet Storm
282 -
5.0 		MEDIUM WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various… CWE-200
Information Exposure 		CVE-2008-0195 cpe:2.3:a:wordpress:wordpress:*:* 2.0.11 2026-04-23 09:35
2008-01-10 		Show GitHub Exploit DB Packet Storm
283 -
5.0 		MEDIUM Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under w… CWE-22
Path Traversal 		CVE-2008-0196 cpe:2.3:a:wordpress:wordpress:*:* 2.0.11 2026-04-23 09:35
2008-01-10 		Show GitHub Exploit DB Packet Storm
284 -
6.8 		MEDIUM SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, … CWE-89
SQL Injection 		CVE-2007-6318 cpe:2.3:a:wordpress:wordpress:2.3:*
cpe:2.3:a:wordpress:wordpress:2.3.1:*
cpe:2.3:a:wordpress:wordpress:2.2_revis… 		2026-04-23 09:35
2007-12-12 		Show GitHub Exploit DB Packet Storm
285 9.8
6.8 		CRITICAL
Network 		Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gen… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm 		CVE-2007-6013 cpe:2.3:a:wordpress:wordpress:*:* 1.5 2.3.1 2026-04-23 09:35
2007-11-20 		Show GitHub Exploit DB Packet Storm
286 -
2.6 		LOW Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. CWE-79
Cross-site Scripting 		CVE-2007-5710 cpe:2.3:a:wordpress:wordpress:2.3:* 2026-04-23 09:35
2007-10-31 		Show GitHub Exploit DB Packet Storm
287 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. CWE-79
Cross-site Scripting 		CVE-2007-5105 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.1:* 		2026-04-23 09:35
2007-09-27 		Show GitHub Exploit DB Packet Storm
288 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. CWE-79
Cross-site Scripting 		CVE-2007-5106 cpe:2.3:a:wordpress:wordpress:2.0:* 2026-04-23 09:35
2007-09-27 		Show GitHub Exploit DB Packet Storm
289 -
4.3 		MEDIUM wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cro… CWE-352
 Origin Validation Error 		CVE-2007-4893 cpe:2.3:a:wordpress:wordpress:2.2_revision5003:*
cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*
cpe:2.3:a:wordp… 		2026-04-23 09:35
2007-09-15 		Show GitHub Exploit DB Packet Storm
290 -
7.5 		HIGH Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to th… CWE-89
SQL Injection 		CVE-2007-4894 cpe:2.3:a:wordpress:wordpress:2.2_revision5003:*
cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*
cpe:2.3:a:wordp… 		2026-04-23 09:35
2007-09-15 		Show GitHub Exploit DB Packet Storm