Information on source package wordpress

Available versions

| Release | Version |
| --- | --- |
| jessie | 4.1.35+dfsg-0+deb8u1 |
| stretch | 4.7.23+dfsg-0+deb9u1 |
| buster | 5.0.21+dfsg1-0+deb10u1 |
| bullseye | 5.7.11+dfsg1-0+deb11u1 |
| bookworm | 6.1.6+dfsg1-0+deb12u1 |
| trixie | 6.6.1+dfsg1-1 |
| sid | 6.6.1+dfsg1-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| TEMP-1036689-1CA7FB | vulnerable | vulnerable | fixed | fixed | vulnerable (no DSA, postponed) | fixed | fixed | Block themes parsing shortcodes in user-generated data |
| TEMP-1022575-434581 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | wordpress 6.0.3 |
| CVE-2024-32111 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ... |
| CVE-2024-31211 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | WordPress is an open publishing platform for the Web. Unserialization ... |
| CVE-2024-31210 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | WordPress is an open publishing platform for the Web. It's possible fo ... |
| CVE-2024-31111 | vulnerable | vulnerable | vulnerable | fixed | vulnerable | fixed | fixed | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... |
| CVE-2024-6307 | vulnerable | vulnerable | vulnerable | fixed | vulnerable | fixed | fixed | WordPress Core is vulnerable to Stored Cross-Site Scripting via the HT ... |
| CVE-2024-4439 | vulnerable | vulnerable | vulnerable | fixed | vulnerable | fixed | fixed | WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ... |
| CVE-2023-39999 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Exposure of Sensitive Information to an Unauthorized Actor in WordPres ... |
| CVE-2023-38000 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ... |
| CVE-2023-5692 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA, ignored) | vulnerable | fixed | fixed | WordPress Core is vulnerable to Sensitive Information Exposure in vers ... |
| CVE-2023-5561 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | WordPress does not properly restrict which user fields are searchable ... |
| CVE-2023-2745 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | WordPress Core is vulnerable to Directory Traversal in versions up to, ... |
| CVE-2022-43504 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Improper authentication vulnerability in WordPress versions prior to 6 ... |
| CVE-2022-43500 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cross-site scripting vulnerability in WordPress versions prior to 6.0. ... |
| CVE-2022-43497 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cross-site scripting vulnerability in WordPress versions prior to 6.0. ... |
| CVE-2022-4973 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticate ... |
| CVE-2022-3590 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | WordPress is affected by an unauthenticated blind SSRF in the pingback ... |
| CVE-2021-44223 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | WordPress before 5.8 lacks support for the Update URI plugin header. T ... |
| CVE-2019-17674 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ... |
| CVE-2019-17672 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject ... |
| CVE-2019-8943 | undetermined | undetermined | undetermined | undetermined | undetermined | undetermined | undetermined | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ... |
| CVE-2018-14028 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | In WordPress 4.9.7, plugins uploaded via the admin area are not verifi ... |
| CVE-2017-1000600 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | WordPress version <4.9 contains a CWE-20 Input Validation vulnerabilit ... |
| CVE-2012-6707 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-6389 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In WordPress through 4.9.2, unauthenticated attackers can cause a deni ... |
| CVE-2017-6514 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | WordPress 4.7.2 mishandles listings of post authors, which allows remo ... |
| CVE-2013-7233 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Cross-site request forgery (CSRF) vulnerability in the retrospam compo ... |
| CVE-2012-5868 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ... |
| CVE-2012-0937 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | wp-admin/setup-config.php in the installation component in WordPress 3 ... |
| CVE-2012-0782 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup- ... |
| CVE-2011-4899 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | wp-admin/setup-config.php in the installation component in WordPress 3 ... |
| CVE-2011-4898 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | wp-admin/setup-config.php in the installation component in WordPress 3 ... |
| CVE-2008-0191 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ... |
| CVE-2006-0733 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows rem ... |

Resolved issues

| Bug | Description |
| --- | --- |
| TEMP-1007145-ABA7D9 | wordpress 5.9.2 |
| TEMP-0783347-AEABE2 | Some plugins were vulnerable to an SQL injection vulnerability |
| TEMP-0783347-555527 | files with invalid or unsafe names could be uploaded |
| TEMP-0500295-A176F7 | possible script injection via /etc/wordpress/wp-config.php |
| TEMP-0407116-23D9EF | wordpress unregister_globals workaround from 2.0.7 |
| TEMP-0369014-6AE03E | 'Cache' shell injection vulnerability |
| TEMP-0000000-0CA7E3 | XSS in press-this of wordpress |
| CVE-2023-22622 | WordPress through 6.1.1 depends on unpredictable client visits to caus ... |
| CVE-2022-21664 | WordPress is a free and open-source content management system written ... |
| CVE-2022-21663 | WordPress is a free and open-source content management system written ... |
| CVE-2022-21662 | WordPress is a free and open-source content management system written ... |
| CVE-2022-21661 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39203 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39202 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39201 | WordPress is a free and open-source content management system written ... |
| CVE-2021-39200 | WordPress is a free and open-source content management system written ... |
| CVE-2021-29476 | Requests is a HTTP library written in PHP. Requests mishandles deseria ... |
| CVE-2021-29450 | Wordpress is an open source CMS. One of the blocks in the WordPress ed ... |
| CVE-2021-29447 | Wordpress is an open source CMS. A user with the ability to upload fil ... |
| CVE-2020-28040 | WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ... |
| CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ... |
| CVE-2020-28038 | WordPress before 5.5.2 allows stored XSS via post slugs. |
| CVE-2020-28037 | is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ... |
| CVE-2020-28036 | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ... |
| CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ... |
| CVE-2020-28034 | WordPress before 5.5.2 allows XSS associated with global variables. |
| CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ... |
| CVE-2020-28032 | WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ... |
| CVE-2020-25286 | In wp-includes/comment-template.php in WordPress before 5.4.2, comment ... |
| CVE-2020-11030 | In affected versions of WordPress, a special payload can be crafted th ... |
| CVE-2020-11029 | In affected versions of WordPress, a vulnerability in the stats() meth ... |
| CVE-2020-11028 | In affected versions of WordPress, some private posts, which were prev ... |
| CVE-2020-11027 | In affected versions of WordPress, a password reset link emailed to a ... |
| CVE-2020-11026 | In affected versions of WordPress, files with a specially crafted name ... |
| CVE-2020-11025 | In affected versions of WordPress, a cross-site scripting (XSS) vulner ... |
| CVE-2020-4050 | In affected versions of WordPress, misuse of the `set-screen-option` f ... |
| CVE-2020-4049 | In affected versions of WordPress, when uploading themes, the name of ... |
| CVE-2020-4048 | In affected versions of WordPress, due to an issue in wp_validate_redi ... |
| CVE-2020-4047 | In affected versions of WordPress, authenticated users with upload per ... |
| CVE-2020-4046 | In affected versions of WordPress, users with low privileges (like con ... |
| CVE-2019-20043 | In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ... |
| CVE-2019-20042 | In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function ... |
| CVE-2019-20041 | wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ... |
| CVE-2019-17675 | WordPress before 5.2.4 does not properly consider type confusion durin ... |
| CVE-2019-17673 | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ... |
| CVE-2019-17671 | In WordPress before 5.2.4, unauthenticated viewing of certain content ... |
| CVE-2019-17670 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ... |
| CVE-2019-17669 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ... |
| CVE-2019-16781 | In WordPress before 5.3.1, authenticated users with lower privileges ( ... |
| CVE-2019-16780 | WordPress users with lower privileges (like contributors) can inject J ... |
| CVE-2019-16223 | WordPress before 5.2.3 allows XSS in post previews by authenticated us ... |
| CVE-2019-16222 | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ... |
| CVE-2019-16221 | WordPress before 5.2.3 allows reflected XSS in the dashboard. |
| CVE-2019-16220 | In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ... |
| CVE-2019-16219 | WordPress before 5.2.3 allows XSS in shortcode previews. |
| CVE-2019-16218 | WordPress before 5.2.3 allows XSS in stored comments. |
| CVE-2019-16217 | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ... |
| CVE-2019-9787 | WordPress before 5.1.1 does not properly filter comment content, leadi ... |
| CVE-2019-8942 | WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ... |
| CVE-2018-20153 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could mod ... |
| CVE-2018-20152 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass i ... |
| CVE-2018-20151 | In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation pa ... |
| CVE-2018-20150 | In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could tri ... |
| CVE-2018-20149 | In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP S ... |
| CVE-2018-20148 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could con ... |
| CVE-2018-20147 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify m ... |
| CVE-2018-12895 | WordPress through 4.9.6 allows Author users to execute arbitrary code ... |
| CVE-2018-10102 | Before WordPress 4.9.5, the version string was not escaped in the get_ ... |
| CVE-2018-10101 | Before WordPress 4.9.5, the URL validator assumed URLs with the hostna ... |
| CVE-2018-10100 | Before WordPress 4.9.5, the redirection URL for the login page was not ... |
| CVE-2018-5776 | WordPress before 4.9.2 has XSS in the Flash fallback files in MediaEle ... |
| CVE-2017-1001000 | The register_routes function in wp-includes/rest-api/endpoints/class-w ... |
| CVE-2017-17094 | wp-includes/feed.php in WordPress before 4.9.1 does not properly restr ... |
| CVE-2017-17093 | wp-includes/general-template.php in WordPress before 4.9.1 does not pr ... |
| CVE-2017-17092 | wp-includes/functions.php in WordPress before 4.9.1 does not require t ... |
| CVE-2017-17091 | wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser k ... |
| CVE-2017-16510 | WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ... |
| CVE-2017-14990 | WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ... |
| CVE-2017-14726 | Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ... |
| CVE-2017-14725 | Before version 4.8.2, WordPress was susceptible to an open redirect at ... |
| CVE-2017-14724 | Before version 4.8.2, WordPress was vulnerable to cross-site scripting ... |
| CVE-2017-14723 | Before version 4.8.2, WordPress mishandled % characters and additional ... |
| CVE-2017-14722 | Before version 4.8.2, WordPress allowed a Directory Traversal attack i ... |
| CVE-2017-14721 | Before version 4.8.2, WordPress allowed Cross-Site scripting in the pl ... |
| CVE-2017-14720 | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ... |
| CVE-2017-14719 | Before version 4.8.2, WordPress was vulnerable to a directory traversa ... |
| CVE-2017-14718 | Before version 4.8.2, WordPress was susceptible to a Cross-Site Script ... |
| CVE-2017-9066 | In WordPress before 4.7.5, there is insufficient redirect validation i ... |
| CVE-2017-9065 | In WordPress before 4.7.5, there is a lack of capability checks for po ... |
| CVE-2017-9064 | In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ... |
| CVE-2017-9063 | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ... |
| CVE-2017-9062 | In WordPress before 4.7.5, there is improper handling of post meta dat ... |
| CVE-2017-9061 | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ... |
| CVE-2017-8295 | WordPress through 4.7.4 relies on the Host HTTP header for a password- ... |
| CVE-2017-6819 | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ... |
| CVE-2017-6818 | In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ... |
| CVE-2017-6817 | In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ... |
| CVE-2017-6816 | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ... |
| CVE-2017-6815 | In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ... |
| CVE-2017-6814 | In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ... |
| CVE-2017-5612 | Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp ... |
| CVE-2017-5611 | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ... |
| CVE-2017-5610 | wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ... |
| CVE-2017-5493 | wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ... |
| CVE-2017-5492 | Cross-site request forgery (CSRF) vulnerability in the widget-editing ... |
| CVE-2017-5491 | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ... |
| CVE-2017-5490 | Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ... |
| CVE-2017-5489 | Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ... |
| CVE-2017-5488 | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ... |
| CVE-2017-5487 | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ... |
| CVE-2016-10148 | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.p ... |
| CVE-2016-9263 | WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ... |
| CVE-2016-7169 | Directory traversal vulnerability in the File_Upload_Upgrader class in ... |
| CVE-2016-7168 | Cross-site scripting (XSS) vulnerability in the media_handle_upload fu ... |
| CVE-2016-6897 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ... |
| CVE-2016-6896 | Directory traversal vulnerability in the wp_ajax_update_plugin functio ... |
| CVE-2016-6635 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_comp ... |
| CVE-2016-6634 | Cross-site scripting (XSS) vulnerability in the network settings page ... |
| CVE-2016-5839 | WordPress before 4.5.3 allows remote attackers to bypass the sanitize_ ... |
| CVE-2016-5838 | WordPress before 4.5.3 allows remote attackers to bypass intended pass ... |
| CVE-2016-5837 | WordPress before 4.5.3 allows remote attackers to bypass intended acce ... |
| CVE-2016-5836 | The oEmbed protocol implementation in WordPress before 4.5.3 allows re ... |
| CVE-2016-5835 | WordPress before 4.5.3 allows remote attackers to obtain sensitive rev ... |
| CVE-2016-5834 | Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ... |
| CVE-2016-5833 | Cross-site scripting (XSS) vulnerability in the column_title function ... |
| CVE-2016-5832 | The customizer in WordPress before 4.5.3 allows remote attackers to by ... |
| CVE-2016-4566 | Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plup ... |
| CVE-2016-4029 | WordPress before 4.5 does not consider octal and hexadecimal IP addres ... |
| CVE-2016-2222 | The wp_http_validate_url function in wp-includes/http.php in WordPress ... |
| CVE-2016-2221 | Open redirect vulnerability in the wp_validate_redirect function in wp ... |
| CVE-2016-1564 | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/cla ... |
| CVE-2015-8834 | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in W ... |
| CVE-2015-7989 | Cross-site scripting (XSS) vulnerability in the user list table in Wor ... |
| CVE-2015-5734 | Cross-site scripting (XSS) vulnerability in the legacy theme preview i ... |
| CVE-2015-5733 | Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessi ... |
| CVE-2015-5732 | Cross-site scripting (XSS) vulnerability in the form function in the W ... |
| CVE-2015-5731 | Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php i ... |
| CVE-2015-5730 | The sanitize_widget_instance function in wp-includes/class-wp-customiz ... |
| CVE-2015-5715 | The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in ... |
| CVE-2015-5714 | Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 all ... |
| CVE-2015-5623 | WordPress before 4.2.3 does not properly verify the edit_posts capabil ... |
| CVE-2015-5622 | Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 all ... |
| CVE-2015-3440 | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in W ... |
| CVE-2015-3439 | Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiec ... |
| CVE-2015-3438 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2015-3429 | Cross-site scripting (XSS) vulnerability in example.html in Genericons ... |
| CVE-2015-2213 | SQL injection vulnerability in the wp_untrash_post_comments function i ... |
| CVE-2014-9039 | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x befo ... |
| CVE-2014-9038 | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3. ... |
| CVE-2014-9037 | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4. ... |
| CVE-2014-9036 | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3. ... |
| CVE-2014-9035 | Cross-site scripting (XSS) vulnerability in Press This in WordPress be ... |
| CVE-2014-9034 | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3 ... |
| CVE-2014-9033 | Cross-site request forgery (CSRF) vulnerability in wp-login.php in Wor ... |
| CVE-2014-9032 | Cross-site scripting (XSS) vulnerability in the media-playlists featur ... |
| CVE-2014-9031 | Cross-site scripting (XSS) vulnerability in the wptexturize function i ... |
| CVE-2014-6412 | WordPress before 4.4 makes it easier for remote attackers to predict p ... |
| CVE-2014-5266 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... |
| CVE-2014-5265 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... |
| CVE-2014-5240 | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php ... |
| CVE-2014-5205 | wp-includes/pluggable.php in WordPress before 3.9.2 does not use delim ... |
| CVE-2014-5204 | wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CS ... |
| CVE-2014-5203 | wp-includes/class-wp-customize-widgets.php in the widget implementatio ... |
| CVE-2014-2053 | getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6. ... |
| CVE-2014-0166 | The wp_validate_auth_cookie function in wp-includes/pluggable.php in W ... |
| CVE-2014-0165 | WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authentica ... |
| CVE-2013-5739 | The default configuration of WordPress before 3.6.1 does not prevent u ... |
| CVE-2013-5738 | The get_allowed_mime_types function in wp-includes/functions.php in Wo ... |
| CVE-2013-4340 | wp-admin/includes/post.php in WordPress before 3.6.1 allows remote aut ... |
| CVE-2013-4339 | WordPress before 3.6.1 does not properly validate URLs before use in a ... |
| CVE-2013-4338 | wp-includes/functions.php in WordPress before 3.6.1 does not properly ... |
| CVE-2013-2205 | The default configuration of SWFUpload in WordPress before 3.5.2 has a ... |
| CVE-2013-2204 | moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media ... |
| CVE-2013-2203 | WordPress before 3.5.2, when the uploads directory forbids write acces ... |
| CVE-2013-2202 | WordPress before 3.5.2 allows remote attackers to read arbitrary files ... |
| CVE-2013-2201 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2013-2200 | WordPress before 3.5.2 does not properly check the capabilities of rol ... |
| CVE-2013-2199 | The HTTP API in WordPress before 3.5.2 allows remote attackers to send ... |
| CVE-2013-2173 | wp-includes/class-phpass.php in WordPress 3.5.1, when a password-prote ... |
| CVE-2013-0237 | Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ... |
| CVE-2013-0236 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2013-0235 | The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ... |
| CVE-2012-6635 | wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3. ... |
| CVE-2012-6634 | wp-admin/media-upload.php in WordPress before 3.3.3 allows remote atta ... |
| CVE-2012-6633 | Cross-site scripting (XSS) vulnerability in wp-includes/default-filter ... |
| CVE-2012-6112 | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ... |
| CVE-2012-4448 | Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ... |
| CVE-2012-4422 | wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ... |
| CVE-2012-4421 | The create_post function in wp-includes/class-wp-atom-server.php in Wo ... |
| CVE-2012-3414 | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ... |
| CVE-2012-3385 | WordPress before 3.4.1 does not properly restrict access to post conte ... |
| CVE-2012-3384 | Cross-site request forgery (CSRF) vulnerability in the customizer in W ... |
| CVE-2012-3383 | The map_meta_cap function in wp-includes/capabilities.php in WordPress ... |
| CVE-2012-2404 | wp-comments-post.php in WordPress before 3.3.2 supports offsite redire ... |
| CVE-2012-2403 | wp-includes/formatting.php in WordPress before 3.3.2 attempts to enabl ... |
| CVE-2012-2402 | wp-admin/plugins.php in WordPress before 3.3.2 allows remote authentic ... |
| CVE-2012-2401 | Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPres ... |
| CVE-2012-2400 | Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ... |
| CVE-2012-2399 | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ... |
| CVE-2012-0287 | Cross-site scripting (XSS) vulnerability in wp-comments-post.php in Wo ... |
| CVE-2011-5270 | wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ... |
| CVE-2011-4957 | The make_clickable function in wp-includes/formatting.php in WordPress ... |
| CVE-2011-4956 | Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 all ... |
| CVE-2011-3130 | wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ... |
| CVE-2011-3129 | The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 be ... |
| CVE-2011-3128 | WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached att ... |
| CVE-2011-3127 | WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rend ... |
| CVE-2011-3126 | WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attacke ... |
| CVE-2011-3125 | Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ... |
| CVE-2011-3122 | Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ... |
| CVE-2011-1762 | A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'sc ... |
| CVE-2011-0701 | wp-admin/async-upload.php in the media uploader in WordPress before 3. ... |
| CVE-2011-0700 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ... |
| CVE-2010-5297 | WordPress before 3.0.1, when a Multisite installation is used, permane ... |
| CVE-2010-5296 | wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisi ... |
| CVE-2010-5295 | Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in Wo ... |
| CVE-2010-5294 | Multiple cross-site scripting (XSS) vulnerabilities in the request_fil ... |
| CVE-2010-5293 | wp-includes/comment.php in WordPress before 3.0.2 does not properly wh ... |
| CVE-2010-5106 | The XML-RPC remote publishing interface in xmlrpc.php in WordPress bef ... |
| CVE-2010-4536 | Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used i ... |
| CVE-2010-4257 | SQL injection vulnerability in the do_trackbacks function in wp-includ ... |
| CVE-2010-2230 | The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.1 ... |
| CVE-2010-1619 | Cross-site scripting (XSS) vulnerability in the fix_non_standard_entit ... |
| CVE-2010-0682 | WordPress 2.9 before 2.9.2 allows remote authenticated users to read t ... |
| CVE-2009-3891 | Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ... |
| CVE-2009-3890 | Unrestricted file upload vulnerability in the wp_check_filetype functi ... |
| CVE-2009-3622 | Algorithmic complexity vulnerability in wp-trackback.php in WordPress ... |
| CVE-2009-2854 | Wordpress before 2.8.3 does not check capabilities for certain actions ... |
| CVE-2009-2853 | Wordpress before 2.8.3 allows remote attackers to gain privileges via ... |
| CVE-2009-2851 | Cross-site scripting (XSS) vulnerability in the administrator interfac ... |
| CVE-2009-2762 | wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ... |
| CVE-2009-2432 | WordPress and WordPress MU before 2.8.1 allow remote attackers to obta ... |
| CVE-2009-2431 | WordPress 2.7.1 places the username of a post's author in an HTML comm ... |
| CVE-2009-2336 | The forgotten mail interface in WordPress and WordPress MU before 2.8. ... |
| CVE-2009-2335 | WordPress and WordPress MU before 2.8.1 exhibit different behavior for ... |
| CVE-2009-2334 | wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ... |
| CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototype ... |
| CVE-2008-6767 | wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attac ... |
| CVE-2008-6762 | Open redirect vulnerability in wp-admin/upgrade.php in WordPress, prob ... |
| CVE-2008-5695 | wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ... |
| CVE-2008-5278 | Cross-site scripting (XSS) vulnerability in the self_link function in ... |
| CVE-2008-5113 | WordPress 2.6.3 relies on the REQUEST superglobal array in certain dan ... |
| CVE-2008-4796 | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 a ... |
| CVE-2008-4769 | Directory traversal vulnerability in the get_category_template functio ... |
| CVE-2008-4671 | Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in W ... |
| CVE-2008-4106 | WordPress before 2.6.2 does not properly handle MySQL warnings about i ... |
| CVE-2008-3747 | The (1) get_edit_post_link and (2) get_edit_comment_link functions in ... |
| CVE-2008-3233 | Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ... |
| CVE-2008-2392 | Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ... |
| CVE-2008-2146 | wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ... |
| CVE-2008-2068 | Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ... |
| CVE-2008-1930 | The cookie authentication method in WordPress 2.5 relies on a hash of ... |
| CVE-2008-1502 | The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ... |
| CVE-2008-1304 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ... |
| CVE-2008-0664 | The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ... |
| CVE-2008-0196 | Multiple directory traversal vulnerabilities in WordPress 2.0.11 and e ... |
| CVE-2008-0195 | WordPress 2.0.11 and earlier allows remote attackers to obtain sensiti ... |
| CVE-2008-0194 | Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0 ... |
| CVE-2008-0193 | Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPr ... |
| CVE-2008-0192 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ... |
| CVE-2007-6318 | SQL injection vulnerability in wp-includes/query.php in WordPress 2.3. ... |
| CVE-2007-6013 | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash o ... |
| CVE-2007-5710 | Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.ph ... |
| CVE-2007-5106 | Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ... |
| CVE-2007-5105 | Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ... |
| CVE-2007-4894 | Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ... |
| CVE-2007-4893 | wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ... |
| CVE-2007-4483 | Cross-site scripting (XSS) vulnerability in index.php in the WordPress ... |
| CVE-2007-4165 | Cross-site scripting (XSS) vulnerability in index.php in the Blue Memo ... |
| CVE-2007-4154 | SQL injection vulnerability in options.php in WordPress 2.2.1 allows r ... |
| CVE-2007-4153 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ... |
| CVE-2007-3639 | WordPress before 2.2.2 allows remote attackers to redirect visitors to ... |
| CVE-2007-3544 | Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.p ... |
| CVE-2007-3543 | Unrestricted file upload vulnerability in WordPress before 2.2.1 and W ... |
| CVE-2007-3238 | Cross-site scripting (XSS) vulnerability in functions.php in the defau ... |
| CVE-2007-3215 | PHPMailer 1.7, when configured to use sendmail, allows remote attacker ... |
| CVE-2007-3140 | SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ... |
| CVE-2007-2821 | SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ... |
| CVE-2007-2714 | Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet bef ... |
| CVE-2007-2627 | Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ... |
| CVE-2007-2383 | The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ... |
| CVE-2007-1897 | SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ... |
| CVE-2007-1894 | Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ... |
| CVE-2007-1893 | xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ... |
| CVE-2007-1732 | Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/a ... |
| CVE-2007-1622 | Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ... |
| CVE-2007-1599 | wp-login.php in WordPress allows remote attackers to redirect authenti ... |
| CVE-2007-1409 | WordPress allows remote attackers to obtain sensitive information via ... |
| CVE-2007-1277 | WordPress 2.1.1, as downloaded from some official distribution sites d ... |
| CVE-2007-1244 | Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ... |
| CVE-2007-1230 | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ... |
| CVE-2007-1049 | Cross-site scripting (XSS) vulnerability in the wp_explain_nonce funct ... |
| CVE-2007-0541 | WordPress allows remote attackers to determine the existence of arbitr ... |
| CVE-2007-0540 | WordPress allows remote attackers to cause a denial of service (bandwi ... |
| CVE-2007-0539 | The wp_remote_fopen function in WordPress before 2.1 allows remote att ... |
| CVE-2007-0262 | WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify t ... |
| CVE-2007-0233 | wp-trackback.php in WordPress 2.0.6 and earlier does not properly unse ... |
| CVE-2007-0109 | wp-login.php in WordPress 2.0.5 and earlier displays different error m ... |
| CVE-2007-0107 | WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ... |
| CVE-2007-0106 | Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ... |
| CVE-2006-6808 | Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ... |
| CVE-2006-6017 | WordPress before 2.0.5 does not properly store a profile containing a ... |
| CVE-2006-6016 | wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ... |
| CVE-2006-5705 | Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ... |
| CVE-2006-4743 | WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ... |
| CVE-2006-4208 | Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB- ... |
| CVE-2006-4028 | Multiple unspecified vulnerabilities in WordPress before 2.0.4 have un ... |
| CVE-2006-3390 | WordPress 2.0.3 allows remote attackers to obtain the installation pat ... |
| CVE-2006-3389 | index.php in WordPress 2.0.3 allows remote attackers to obtain sensiti ... |
| CVE-2006-2702 | vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ... |
| CVE-2006-2667 | Direct static code injection vulnerability in WordPress 2.0.2 and earl ... |
| CVE-2006-1796 | Cross-site scripting (XSS) vulnerability in the paging links functiona ... |
| CVE-2006-1263 | Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ... |
| CVE-2006-1012 | SQL injection vulnerability in WordPress 1.5.2, and possibly other ver ... |
| CVE-2006-0986 | WordPress 2.0.1 and earlier allows remote attackers to obtain sensitiv ... |
| CVE-2006-0985 | Multiple cross-site scripting (XSS) vulnerabilities in the "post comme ... |
| CVE-2005-4600 | Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Comp ... |
| CVE-2005-4463 | WordPress before 1.5.2 allows remote attackers to obtain sensitive inf ... |
| CVE-2005-3330 | The _httpsrequest function in Snoopy 1.2, as used in products such as ... |
| CVE-2005-2612 | Direct code injection vulnerability in WordPress 1.5.1.3 and earlier a ... |
| CVE-2005-2110 | WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensit ... |
| CVE-2005-2109 | wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ... |
| CVE-2005-2108 | SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ... |
CVE-2005-2107Multiple cross-site scripting (XSS) vulnerabilities in post.php in Wor ...
CVE-2005-1810SQL injection vulnerability in template-functions-category.php in Word ...
CVE-2005-1688Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...
CVE-2005-1687SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and e ...
CVE-2004-1584CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows r ...
CVE-2004-1559Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 a ...
CVE-2003-1598SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...

Security announcements

DSA / DLA   Description
DSA-5685-1  wordpress - security update
DLA-3756-1  wordpress - security update
DLA-3658-1  wordpress - security update
DLA-3462-1  wordpress - security update
DSA-5279-2  wordpress - security update
DSA-5279-1  wordpress - security update
DLA-3163-1  wordpress - security update
DLA-3141-1  wordpress - security update
ELA-582-1   wordpress - security update
DLA-2956-1  wordpress - security update
DLA-2884-1  wordpress - security update
ELA-539-1   wordpress - security update
DSA-5039-1  wordpress - security update
DSA-4985-1  wordpress - security update
DLA-2731-1  wordpress - security update
ELA-467-1   wordpress - security update
DSA-4896-1  wordpress - security update
DLA-2630-1  wordpress - security update
ELA-400-1   wordpress - security update
DSA-4784-1  wordpress - security update
DLA-2429-1  wordpress - security update
DLA-2371-1  wordpress - security update
DLA-2269-1  wordpress - security update
DSA-4709-1  wordpress - security update
DLA-2208-1  wordpress - security update
DSA-4677-1  wordpress - security update
DLA-2067-1  wordpress - security update
DSA-4599-1  wordpress - security update
DLA-1980-1  wordpress - security update
DLA-1960-1  wordpress - security update
DLA-1742-1  wordpress - security update
DSA-4401-1  wordpress - security update
DLA-1673-1  wordpress - security update
DLA-1452-1  wordpress - security update
DSA-4250-1  wordpress - security update
DSA-4193-1  wordpress - security update
DLA-1366-1  wordpress - security update
DSA-4090-1  wordpress - security update
DLA-1216-1  wordpress - security update
DLA-1151-2  wordpress - regression update
DLA-1160-1  wordpress - security update
DLA-1151-1  wordpress - security update
DSA-3997-1  wordpress - security update
DLA-1075-1  wordpress - security update
DLA-975-1   wordpress - security update
DSA-3870-1  wordpress - security update
DSA-3815-1  wordpress - security update
DLA-860-1   wordpress - security update
DSA-3779-1  wordpress - security update
DLA-813-1   wordpress - security update
DSA-3681-2  wordpress - regression update
DSA-3681-1  wordpress - security update
DLA-633-1   wordpress - security update
DSA-3639-1  wordpress - security update
DLA-568-1   wordpress - security update
DLA-418-1   wordpress - security update
DSA-3472-1  wordpress - security update
DSA-3444-1  wordpress - security update
DSA-3383-1  wordpress - security update
DSA-3332-2  wordpress - regression update
DSA-3375-1  wordpress - security update
DLA-321-1   wordpress - security update
DLA-294-1   wordpress - security update
DSA-3332-1  wordpress - security update
DSA-3328-1  wordpress - security update
DLA-236-1   wordpress - security update
DSA-3250-1  wordpress - security update
DSA-3085-1  wordpress - security update
DLA-56-1    wordpress - security update
DSA-3001-1  wordpress - security update
DSA-2901-1  wordpress - security update
DSA-2757-1  wordpress - several
DSA-2718-1  wordpress - several
DSA-2470-1  wordpress - several
DSA-2190-1  wordpress - several
DSA-2138-1  wordpress - SQL injection
DSA-1871-2  wordpress - regression fix
DSA-1871-1  wordpress - several vulnerabilities
DSA-1601-1  wordpress - several vulnerabilities
DSA-1564-1  wordpress - several vulnerabilities
DSA-1502-1  wordpress - multiple vulnerabilities
DSA-1285-1  wordpress
