Known Vulnerabilities for products from Wordpress
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Wordpress".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40308 json | Not Provided | 2026-04-16 | 2026-04-17 | |
| CVE-2026-39614 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-39466 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-34424 json | Not Provided | 2026-04-09 | 2026-04-09 | |
| CVE-2026-33559 json | Not Provided | 2026-03-27 | 2026-03-27 | |
| CVE-2026-33290 json | Not Provided | 2026-03-24 | 2026-03-24 | |
| CVE-2026-32448 json | Not Provided | 2026-03-13 | 2026-04-01 | |
| CVE-2026-32412 json | Not Provided | 2026-03-13 | 2026-04-01 | |
| CVE-2026-32409 json | Not Provided | 2026-03-13 | 2026-04-01 | |
| CVE-2026-28043 json | Not Provided | 2026-03-05 | 2026-04-01 | |
| CVE-2024-8914 json | The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress... | Not Provided | 2024-09-25 | 2026-04-08 |
| CVE-2023-39999 json | Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from... | 4.3 - MEDIUM | 2023-10-13 | 2023-11-20 |
| CVE-2023-38000 json | Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6... | 5.4 - MEDIUM | 2023-10-13 | 2023-10-16 |
| CVE-2023-22622 json | WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security upda... | 5.3 - MEDIUM | 2023-01-05 | 2023-11-07 |
| CVE-2023-5561 json | WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to... | 5.3 - MEDIUM | 2023-10-16 | 2023-11-20 |
| CVE-2023-2745 json | WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. T... | Not Provided | 2023-05-17 | 2026-04-08 |
| CVE-2022-47174 json | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | 8.8 - HIGH | 2023-05-25 | 2023-06-01 |
| CVE-2022-47161 json | Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.... | 8.8 - HIGH | 2023-05-25 | 2023-05-30 |
| CVE-2022-43504 json | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain... | 5.3 - MEDIUM | 2022-12-05 | 2023-02-03 |
| CVE-2022-43500 json | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an... | 6.1 - MEDIUM | 2022-12-05 | 2023-02-03 |
Known software with vulnerabilities from Wordpress
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Wordpress | Plugin Newsletter Plugin | 1.5 |
| Application | Wordpress | Slideshow Gallery2 | - |
| Application | Wordpress | Wordpress | - |
| Application | Wordpress | Wordpress Mu | 1.1 |