Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • オープンソース
Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
321 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
322 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
323 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
324 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
325 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
326 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
327 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
328 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
329 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
330 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
331 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
332 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
333 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
334 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
335 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
336 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
337 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
338 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
339 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
340 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
341 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
342 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
343 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
344 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
345 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
346 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
347 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
348 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
349 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
350 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
351 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
352 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
353 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
354 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
355 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
356 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
357 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
358 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
359 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
360 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
361 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
362 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
363 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
364 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
365 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
366 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
367 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
368 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
369 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
321 -
5.0 		MEDIUM wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attack… NVD-CWE-Other
CVE-2007-0109 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*
cpe:2.3:a:wordpress:wordpress:2.0.4:* 		2026-04-23 09:35
2007-01-9 		Show GitHub Exploit DB Packet Storm
322 -
6.8 		MEDIUM Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have r… NVD-CWE-Other
CVE-2006-6808 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*
cpe:2.3:a:wordpress:wordpress:2.0.3:* 		2.0.5 2026-04-23 09:35
2006-12-29 		Show GitHub Exploit DB Packet Storm
323 6.5
4.0 		MEDIUM
Network 		wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. NVD-CWE-Other
CWE-125
Out-of-bounds Read 		CVE-2006-6016 cpe:2.3:a:wordpress:wordpress:*:* 2.0.4 2026-04-23 09:35
2006-11-22 		Show GitHub Exploit DB Packet Storm
324 6.5
4.0 		MEDIUM
Network 		WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application c… NVD-CWE-Other
CWE-400
 Uncontrolled Resource Consumption 		CVE-2006-6017 cpe:2.3:a:wordpress:wordpress:*:* 2.0.5 2026-04-23 09:35
2006-11-22 		Show GitHub Exploit DB Packet Storm
325 -
6.0 		MEDIUM Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequen… NVD-CWE-Other
CVE-2006-5705 cpe:2.3:a:wordpress:wordpress:2.0.3:*
cpe:2.3:a:wordpress:wordpress:2.0.2:*
cpe:2.3:a:wordpress:wordpress:*:* 		2.0.4 2026-04-23 09:35
2006-11-4 		Show GitHub Exploit DB Packet Storm
326 -
5.0 		MEDIUM WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6)… NVD-CWE-Other
CVE-2006-4743 cpe:2.3:a:wordpress:wordpress:2.0.5:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*
cpe:2.3:a:wordpress:wordpress:2.0.3:*… 		2018-10-18 06:39
2006-09-14 		Show GitHub Exploit DB Packet Storm
327 -
10.0 		HIGH Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-20… NVD-CWE-noinfo
CVE-2006-4028 cpe:2.3:a:wordpress:wordpress:2.0:*
cpe:2.3:a:wordpress:wordpress:2.0.3:*
cpe:2.3:a:wordpress:wordpress:2.0.2:* 		2011-09-1 13:00
2006-08-10 		Show GitHub Exploit DB Packet Storm
328 -
5.0 		MEDIUM index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error messag… NVD-CWE-Other
CVE-2006-3389 cpe:2.3:a:wordpress:wordpress:2.0.3:* 2018-10-19 01:47
2006-07-7 		Show GitHub Exploit DB Packet Storm
329 -
5.0 		MEDIUM WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, poss… NVD-CWE-Other
CVE-2006-3390 cpe:2.3:a:wordpress:wordpress:2.0.3:* 2018-10-19 01:47
2006-07-7 		Show GitHub Exploit DB Packet Storm
330 -
5.0 		MEDIUM vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_AD… NVD-CWE-Other
CVE-2006-2702 cpe:2.3:a:wordpress:wordpress:2.0.2:* 2018-10-19 01:41
2006-05-31 		Show GitHub Exploit DB Packet Storm