Known Vulnerabilities for Wordpress Mu by Wordpress
Listed below are 10 of the newest known vulnerabilities associated with "Wordpress Mu" by "Wordpress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58480 json | Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-57815 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMU DEV - Your All-in-One Wo... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-57814 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-57685 json | Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions. | Not Provided | 2026-07-02 | 2026-07-02 |
| CVE-2026-57407 json | Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server ... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-56011 json | Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions. | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-52715 json | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | Not Provided | 2026-06-16 | 2026-06-16 |
| CVE-2026-49776 json | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites ... | Not Provided | 2026-06-15 | 2026-06-15 |
| CVE-2026-48964 json | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | Not Provided | 2026-06-15 | 2026-06-15 |
| CVE-2026-47365 json | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated user... | Not Provided | 2026-06-12 | 2026-06-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Wordpress | Wordpress Mu | 2.9.2 | |||
| Application | Wordpress | Wordpress Mu | 2.9.1.1 | |||
| Application | Wordpress | Wordpress Mu | 2.9.1 | |||
| Application | Wordpress | Wordpress Mu | 2.8.6 | |||
| Application | Wordpress | Wordpress Mu | 2.8.5.2 | |||
| Application | Wordpress | Wordpress Mu | 2.8.5.1 | |||
| Application | Wordpress | Wordpress Mu | 2.8.5 | |||
| Application | Wordpress | Wordpress Mu | 2.8.4 | |||
| Application | Wordpress | Wordpress Mu | 2.8.3 | |||
| Application | Wordpress | Wordpress Mu | 2.8.2 | |||
| Application | Wordpress | Wordpress Mu | 2.8.1 | |||
| Application | Wordpress | Wordpress Mu | 2.7.1 | |||
| Application | Wordpress | Wordpress Mu | 2.7 | |||
| Application | Wordpress | Wordpress Mu | 2.6.5 | |||
| Application | Wordpress | Wordpress Mu | 2.6.3 | |||
| Application | Wordpress | Wordpress Mu | 2.6.2 | |||
| Application | Wordpress | Wordpress Mu | 2.6.1 | |||
| Application | Wordpress | Wordpress Mu | 2.6 | |||
| Application | Wordpress | Wordpress Mu | 1.5.1 | |||
| Application | Wordpress | Wordpress Mu | 1.3.3 |