CVE-2024-31210
- EPSS 0.66%
- Published 04.04.2024 23:15:16
- Last modified 21.11.2024 09:13:02
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credential...
CVE-2023-5561
- EPSS 62.78%
- Published 16.10.2023 20:15:18
- Last modified 23.04.2025 17:16:50
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
CVE-2023-39999
- EPSS 0.9%
- Published 13.10.2023 12:15:09
- Last modified 21.11.2024 08:16:12
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 th...
CVE-2023-38000
- EPSS 0.35%
- Published 13.10.2023 10:15:09
- Last modified 21.11.2024 08:12:40
Authenticated Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
CVE-2023-2745
- EPSS 66.38%
- Published 17.05.2023 09:15:10
- Last modified 24.04.2025 19:15:45
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload...
CVE-2023-22622
- EPSS 3.05%
- Published 05.01.2023 02:15:07
- Last modified 07.04.2025 19:15:49
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a t...
CVE-2022-3590
- EPSS 73.53%
- Published 14.12.2022 09:15:09
- Last modified 21.04.2025 15:15:51
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
CVE-2022-43497
- EPSS 1.01%
- Published 05.12.2022 04:15:10
- Last modified 24.04.2025 14:15:37
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
CVE-2022-43500
- EPSS 0.72%
- Published 05.12.2022 04:15:10
- Last modified 24.04.2025 14:15:37
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
CVE-2022-43504
- EPSS 1.54%
- Published 05.12.2022 04:15:10
- Last modified 24.04.2025 14:15:37
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new p...