Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

wordpress — Vulnerabilities & Security Advisories 27

All 27 CVE vulnerabilities found in wordpress, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerability data specifically for the WordPress product, categorized by common weakness types and associated tags. It collects reports covering a wide range of security issues, including cross-site scripting, privilege escalation, and SQL injection, spanning from early releases to the most recent updates within the last several years. By reviewing this comprehensive dataset, users can track vendor advisories issued by the WordPress community, understand the characteristics and impact of specific weakness classes affecting the platform, and look up a product's vulnerability history to assess its long-term security posture. This resource is designed to provide developers, system administrators, and security analysts with a centralized view of known flaws, enabling informed decisions regarding patching, migration, or configuration hardening. The data is structured to facilitate trend analysis and help identify recurring patterns in vulnerability reports. Understanding these historical trends allows stakeholders to prioritize remediation efforts effectively and reduce the attack surface of their WordPress installations. The information presented here supports continuous improvement in software security by making past issues accessible for review and learning. This aggregation serves as a factual reference point rather than a diagnostic tool, requiring users to apply context when evaluating specific environments. Access to this information helps bridge the gap between theoretical security knowledge and practical implementation in real-world WordPress deployments.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API CWE-862 4.3 Medium2026-03-11
CVE-2025-58674 WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-09-23
CVE-2025-58246 WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability CWE-201 4.3 Medium2025-09-23
CVE-2025-54352 WordPress 安全漏洞 CWE-669 3.7 Low2025-07-21
CVE-2022-4973 WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function CWE-79 4.9 Medium2024-10-16
CVE-2024-32111 WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability CWE-22 5.0 Medium2024-06-25
CVE-2024-31111 WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-06-25
CVE-2024-6307 WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API 6.4 Medium2024-06-25
CVE-2024-4439 WordPress 跨站脚本漏洞 7.2 High2024-05-03
CVE-2023-5692 WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink CWE-200 5.3 Medium2024-04-05
CVE-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure 5.3 -2023-10-16
CVE-2023-39999 WordPress < 6.3.2 is vulnerable to Broken Access Control CWE-200 4.3 Medium2023-10-13
CVE-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block CWE-79 6.5 Medium2023-10-13
CVE-2023-2745 WordPress Core < 6.2.1 - Directory Traversal CWE-22 5.4 Medium2023-05-17
CVE-2022-3590 WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding 5.9 -2022-12-14
CVE-2022-43504 WordPress 授权问题漏洞 5.3 -2022-12-05
CVE-2022-43500 WordPress 跨站脚本漏洞 6.1 -2022-12-05
CVE-2022-43497 WordPress 跨站脚本漏洞 6.1 -2022-12-05
CVE-2011-1762 Wordpress 安全漏洞 CWE-284 6.5 -2022-04-18
CVE-2020-11026 Specially crafted filenames in WordPress leading to XSS CWE-707 8.7 High2020-04-30
CVE-2020-11028 Unauthenticated disclosure of certain private posts in WordPress CWE-284 5.8 Medium2020-04-30
CVE-2020-11029 Cross-site scripting in stats method (object cache) in WordPress CWE-79 5.8 Medium2020-04-30
CVE-2020-11030 Cross-site scripting (XSS) in Search block in WordPress CWE-707 6.4 Medium2020-04-30
CVE-2020-11025 Authenticated cross-site scripting (XSS) in WordPress Customizer CWE-79 5.8 Medium2020-04-30
CVE-2020-11027 Password reset links invalidation issue in WordPress CWE-672 6.1 Medium2020-04-30
CVE-2019-16781 Stored cross-site scripting (XSS) in WordPress block editor CWE-79 5.8 Medium2019-12-26
CVE-2019-16780 Stored cross-site scripting (XSS) in WordPress block editor CWE-79 5.8 Medium2019-12-26

All 27 known CVE vulnerabilities affecting wordpress with full Chinese analysis, references, and POCs where available.