WordPress Foundation — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting WordPress Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by WordPress Foundation:WordPress

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3906	WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API — WordPressCWE-862	4.3	Medium	2026-03-11
CVE-2022-4973	WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function — WordPressCWE-79	4.9	Medium	2024-10-16
CVE-2024-6307	WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API — WordPress	6.4	Medium	2024-06-25
CVE-2024-4439	WordPress 跨站脚本漏洞 — WordPress	7.2	High	2024-05-03
CVE-2023-5692	WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink — WordPressCWE-200	5.3	Medium	2024-04-05
CVE-2023-2745	WordPress Core < 6.2.1 - Directory Traversal — WordPressCWE-22	5.4	Medium	2023-05-17

This page lists every published CVE security advisory associated with WordPress Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Foundation — Vulnerabilities & Security Advisories 6