Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
WordPress Number Of NVD 349 CRITICAL 17 HIGH 79 MEDIUM 235 LOW 18
URL https://wordpress.org/
Explanation It is an open source blogging software written in PHP.
It can be used not only for blogs, but also for personal and corporate web sites, and offers a large number of additional features and good-looking themes.
It may be the most used Content Management System (CMS) in the world.

There are many plugins, and if you have enough knowledge, you can build a site that can be used for commercial purposes.
However, since there are some vulnerabilities caused by plugins, you need to carefully select the right plugin to use.

Since security updates are not made for other than the latest version, it is officially announced that older versions cannot be used safely.
In some cases, security issues are fixed for older versions.
Since there are many plugins (additional functions) available for WordPress, you need to check each plugin for vulnerabilities and new versions.
Tag
  • GPL v2
  • PHP
  • オープンソース
Add Information URL
No Type Name URL
1 https://ja.wordpress.org/download/
2 https://github.com/wordpress/wordpress
3 https://wordpress.org/download/releases/
4 https://ja.wordpress.org/download/releases/
5 https://ja.wordpress.org/about/history/
6 https://wordpress.org/news/category/releases/
7 https://ja.wordpress.org/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
41 wordpress 6 6.8.3 Sept. 30, 2025 Nov. 2, 2022 0 0 10 0
42 wordpress 5.9 5.9.5 Oct. 17, 2022 Jan. 25, 2022 0 0 10 0
43 wordpress 5.8 5.8.1 Sept. 9, 2021 July 21, 2021 0 3 13 0
44 wordpress 5.7 5.7.3 Sept. 9, 2021 March 10, 2021 2 4 14 0
45 WordPress 5.6 5.6.5 Sept. 9, 2021 Dec. 8, 2020 2 4 14 0
46 WordPress 5.5 5.5.6 Sept. 9, 2021 Aug. 11, 2020 7 5 16 0
47 WordPress 5.4 5.4.7 Sept. 9, 2021 April 28, 2020 7 7 24 2
48 WordPress 5.3 5.3.9 Sept. 11, 2021 Nov. 21, 2019 8 7 27 2
49 WordPress 5.2 5.2.12 Sept. 9, 2021 May 19, 2019 10 9 38 2
50 WordPress 5.1 5.1.11 Sept. 22, 2021 March 11, 2019 10 10 37 2
51 WordPress 5.0 5.0.14 Sept. 22, 2021 Dec. 10, 2018 11 12 43 2
52 WordPress 4.9 4.9.18 May 12, 2021 Nov. 17, 2017 11 17 49 2
53 WordPress 4.8 4.8.17 May 12, 2021 June 23, 2017 13 20 57 2
54 WordPress 4.7 4.7.18 June 11, 2020 Dec. 7, 2016 16 28 72 2
55 WordPress 4.6 4.6.19 June 11, 2020 Aug. 17, 2016 16 26 70 2
56 WordPress 4.5 4.5.22 June 11, 2020 April 14, 2016 16 33 76 2
57 WordPress 4.4 4.4.23 June 11, 2020 Dec. 9, 2015 16 36 78 2
58 WordPress 4.3 4.3.24 June 11, 2020 Aug. 19, 2015 16 36 81 2
59 WordPress 4.2 4.2.28 June 11, 2020 April 28, 2015 16 37 89 3
60 WordPress 4.1 4.1.31 June 11, 2020 Dec. 19, 2014 16 37 91 3
61 wordpress 4.0 4.0.38 Dec. 15, 2014 Dec. 15, 2014 16 37 97 3
62 WordPress 3.9 3.9.40 Nov. 30, 2022 April 17, 2014 16 38 102 4
63 WordPress 3.8 3.8.41 Nov. 30, 2022 Dec. 16, 2013 16 37 102 4
64 WordPress 3.7 3.7.5 Nov. 30, 2022 Oct. 25, 2013 16 37 102 4
65 wordpress 3.6 3.6.1 Sept. 11, 2013 Aug. 1, 2013 Jan. 1, 2000 15 37 94 4
66 wordpress 3.5 3.5.2 June 21, 2013 Nov. 11, 2012 Jan. 1, 2000 15 37 105 4
67 wordpress 3.4 3.4.2 Sept. 6, 2012 June 13, 2012 Jan. 1, 2000 15 37 108 7
68 wordpress 3.3 3.3.3 June 27, 2012 Dec. 12, 2011 Jan. 1, 2000 15 40 119 6
69 wordpress 3.2 3.2.1 July 12, 2011 July 4, 2011 Jan. 1, 2000 15 44 122 5
70 wordpress 3.1 3.1.4 June 29, 2011 Feb. 23, 2011 Jan. 1, 2000 15 44 125 5
71 wordpress 3.0 3.0.6 April 26, 2011 June 17, 2010 Jan. 1, 2000 15 40 132 7
72 wordpress 2.9 2.9.2 Feb. 15, 2010 Dec. 18, 2009 Jan. 1, 2000 15 39 133 7
73 wordpress 2.8 2.8.6 Nov. 12, 2009 June 11, 2009 Jan. 1, 2000 15 41 137 8
74 wordpress 2.7 2.7.1 Feb. 10, 2009 Dec. 10, 2008 Jan. 1, 2000 15 41 140 8
75 wordpress 2.6 2.6.5 Nov. 25, 2008 July 15, 2008 Jan. 1, 2000 15 44 143 8
76 wordpress 2.5 2.5.1 April 25, 2008 March 29, 2008 Jan. 1, 2000 15 46 143 8
77 wordpress 2.3 2.3.3 Feb. 5, 2008 Sept. 25, 2007 Jan. 1, 2000 16 46 147 9
78 wordpress 2.2 2.2.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 48 158 9
79 wordpress 2.1 2.1.3 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 51 157 9
80 wordpress 2.0 2.0.9 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 55 180 9
81 wordpress 1.5 1.5.2 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 16 58 173 8
82 wordpress 1.2 1.2.5 Sept. 24, 2007 Sept. 24, 2007 Jan. 1, 2000 15 55 175 8
83 wordpress 1.6 1.6.2 Jan. 1, 2000 16 49 161 8
84 wordpress 1.3 1.3.3 Jan. 1, 2000 15 49 164 8
85 wordpress 1.1 1.1.1 Jan. 1, 2000 15 49 163 8
86 wordpress 1.0 1.0.2 Sept. 24, 2007 Jan. 1, 2000 15 53 169 8
87 wordpress 0.72 0.72 Jan. 1, 2000 15 51 163 8
88 wordpress 0.711 0.711 Jan. 1, 2000 15 51 163 8
89 wordpress 0.71 0.71 Sept. 24, 2007 Jan. 1, 2000 15 53 167 8
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
41 8.1
5.5 		HIGH
Network 		In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious part… - CVE-2020-11027 cpe:2.3:a:wordpress:wordpress:5.4:*
cpe:2.3:a:wordpress:wordpress:*:* 		5.3
5.2
5.1
5.0
4.9
4.8
4.7
4.6
4.5
4.4
4.3
4.2
4.1
4.0
3.9
3.8
3.7































5.3.3
5.2.6
5.1.5
5.0.9
4.9.14
4.8.13
4.7.17
4.6.18
4.5.21
4.4.22
4.3.23
4.2.27
4.1… 		2024-11-21 13:56
2020-05-1 		Show GitHub Exploit DB Packet Storm
42 5.4
3.5 		MEDIUM
Network 		In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the… CWE-79
Cross-site Scripting 		CVE-2020-11030 cpe:2.3:a:wordpress:wordpress:*:* 5.4.1 2024-11-21 13:56
2020-05-1 		Show GitHub Exploit DB Packet Storm
43 5.4
3.5 		MEDIUM
Network 		In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user wit… CWE-79
Cross-site Scripting 		CVE-2020-11026 cpe:2.3:a:wordpress:wordpress:5.4:*
cpe:2.3:a:wordpress:wordpress:*:* 		5.3
5.2
5.1
5.0
4.9
4.8
4.7
4.6
4.5
4.4
4.3
4.2
4.1
4.0
3.9
3.8
3.7































5.3.3
5.2.6
5.1.5
5.0.9
4.9.14
4.8.13
4.7.17
4.6.18
4.5.21
4.4.22
4.3.23
4.2.27
4.1… 		2024-11-21 13:56
2020-05-1 		Show GitHub Exploit DB Packet Storm
44 5.4
3.5 		MEDIUM
Network 		In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated use… CWE-79
Cross-site Scripting 		CVE-2020-11025 cpe:2.3:a:wordpress:wordpress:*:* 4.7 5.4.1 2024-11-21 13:56
2020-05-1 		Show GitHub Exploit DB Packet Storm
45 4.3
5.0 		MEDIUM
Network 		In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or… CWE-269
 Improper Privilege Management 		CVE-2019-20043 cpe:2.3:a:wordpress:wordpress:*:* 3.7 5.3.1 2024-11-21 13:37
2019-12-27 		Show GitHub Exploit DB Packet Storm
46 6.1
4.3 		MEDIUM
Network 		In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has b… CWE-79
Cross-site Scripting 		CVE-2019-20042 cpe:2.3:a:wordpress:wordpress:*:* 3.7 5.3.1 2024-11-21 13:37
2019-12-27 		Show GitHub Exploit DB Packet Storm
47 9.8
7.5 		CRITICAL
Network 		wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colo… CWE-20
 Improper Input Validation  		CVE-2019-20041 cpe:2.3:a:wordpress:wordpress:*:* 5.3.1 2024-11-21 13:37
2019-12-27 		Show GitHub Exploit DB Packet Storm
48 5.4
3.5 		MEDIUM
Network 		In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admi… CWE-79
Cross-site Scripting 		CVE-2019-16781 cpe:2.3:a:wordpress:wordpress:*:* 5.3.1 2024-11-21 13:31
2019-12-27 		Show GitHub Exploit DB Packet Storm
49 5.4
3.5 		MEDIUM
Network 		WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an a… CWE-79
Cross-site Scripting 		CVE-2019-16780 cpe:2.3:a:wordpress:wordpress:3.7:-
cpe:2.3:a:wordpress:wordpress:*:* 		3.7 5.3.1 2024-11-21 13:31
2019-12-27 		Show GitHub Exploit DB Packet Storm
50 8.8
6.8 		HIGH
Network 		WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. CWE-352
CWE-843
 Origin Validation Error
Type Confusion 		CVE-2019-17675 cpe:2.3:a:wordpress:wordpress:*:* 5.2.4 2024-11-21 13:32
2019-10-17 		Show GitHub Exploit DB Packet Storm