Software Detail
WordPress
Number Of NVD: 349 (CRITICAL 17, HIGH 79, MEDIUM 235, LOW 18)
URL https://wordpress.org/
Explanation WordPress is open source blogging software written in PHP.
It can be used not only for blogs but also for personal and corporate websites, and it offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and with enough knowledge you can build a site suitable for commercial use.
However, because some vulnerabilities are caused by plugins, you need to select the plugins you use carefully.

Security updates are not made for versions other than the latest, and it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • Open source

Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
311 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
312 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
313 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
314 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
315 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
316 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
317 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
318 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
319 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
320 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
321 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
322 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
323 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
324 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
325 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
326 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
327 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
328 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
329 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
330 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
331 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
332 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
333 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
334 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
335 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
336 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
337 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
338 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
339 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
340 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
341 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
342 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
343 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
344 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
345 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
346 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
347 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
348 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
349 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
350 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
351 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
352 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
353 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
354 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
355 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
356 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
357 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
358 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
359 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date Show Affected Exploit PoC Search
311 -
6.8
MEDIUM Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the del… NVD-CWE-Other
CVE-2007-1244 cpe:2.3:a:wordpress:wordpress:*:* 2.1.1 2026-04-23 09:35
2007-03-4
312 -
5.8
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP… NVD-CWE-Other
CVE-2007-1230 cpe:2.3:a:wordpress:wordpress:2.1:* 2026-04-23 09:35
2007-03-3
313 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote … NVD-CWE-Other
CVE-2007-1049 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.7:*
cpe:2.3:a:wordpress:wordpress:2.0.6:*
2026-04-23 09:35
2007-02-22
314 -
7.8
HIGH The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that correspon… NVD-CWE-Other
CVE-2007-0539 cpe:2.3:a:wordpress:wordpress:*:* 2.0 2026-04-23 09:35
2007-01-30
315 -
5.0
MEDIUM WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, wh… NVD-CWE-Other
CVE-2007-0540 cpe:2.3:a:wordpress:wordpress:*:* 2.0 2026-04-23 09:35
2007-01-30
316 -
5.0
MEDIUM WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local … CWE-264
Permissions, Privileges, and Access Controls
CVE-2007-0541 cpe:2.3:a:wordpress:wordpress:*:* 2.0 2026-04-23 09:35
2007-01-30
317 -
7.8
HIGH WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid … NVD-CWE-Other
CVE-2007-0262 cpe:2.3:a:wordpress:wordpress:2.1:alpha_3
cpe:2.3:a:wordpress:wordpress:2.0.6:*
2026-04-23 09:35
2007-01-17
318 -
7.5
HIGH wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which … NVD-CWE-Other
CVE-2007-0233 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.6:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*
2026-04-23 09:35
2007-01-13
319 -
6.8
MEDIUM Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token… NVD-CWE-Other
CVE-2007-0106 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*
2026-04-23 09:35
2007-01-9
320 -
6.8
MEDIUM WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and e… NVD-CWE-Other
CVE-2007-0107 cpe:2.3:a:wordpress:wordpress:*:* 2.0.5 2026-04-23 09:35
2007-01-9