CVE-2022-4973
- EPSS 1.27%
- Published 16.10.2024 07:15:12
- Last modified 30.10.2024 15:58:30
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it...
CVE-2024-37430
- EPSS 0.14%
- Published 09.07.2024 11:15:14
- Last modified 23.04.2026 15:18:37
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect. This issue affects Patreon WordPress: from n/a through <= 1.9.0.
- EPSS 0.41%
- Published 25.06.2024 14:15:11
- Last modified 15.04.2026 00:35:42
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, ...
CVE-2024-31111
- EPSS 0.43%
- Published 25.06.2024 13:15:49
- Last modified 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, ...
CVE-2024-6307
- EPSS 0.64%
- Published 25.06.2024 11:15:50
- Last modified 15.04.2026 00:35:42
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-l...
CVE-2024-4439
- EPSS 90.98%
- Published 03.05.2024 06:15:14
- Last modified 05.01.2026 15:35:42
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with c...
CVE-2023-5692
- EPSS 1.06%
- Published 05.04.2024 13:15:07
- Last modified 15.04.2026 00:35:42
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_querya...
CVE-2024-31210
- EPSS 1.2%
- Published 04.04.2024 23:15:16
- Last modified 07.01.2026 20:13:40
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credential...
CVE-2024-31211
- EPSS 39.71%
- Published 04.04.2024 23:15:16
- Last modified 02.01.2026 20:12:03
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions pri...
CVE-2023-5561
- EPSS 53.02%
- Published 16.10.2023 20:15:18
- Last modified 23.04.2025 17:16:50
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.