Homepage

wordpress vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Information Exposure

<6.1.9+dfsg1-0+deb12u1
  • L
Cross-site Scripting (XSS)

<6.1.9+dfsg1-0+deb12u1
  • L
Incorrect Resource Transfer Between Spheres

*
  • M
Cross-site Scripting (XSS)

<6.0.2+dfsg1-1
  • L
Cross-site Scripting (XSS)

<6.1.9+dfsg1-0+deb12u1
  • M
CVE-2024-6307

<6.1.9+dfsg1-0+deb12u1
  • M
CVE-2024-4439

<6.1.9+dfsg1-0+deb12u1
  • L
CVE-2023-5692

*
  • H
CVE-2024-31210

<6.1.6+dfsg1-0+deb12u1
  • M
CVE-2023-5561

<6.1.6+dfsg1-0+deb12u1
  • M
Information Exposure

<6.1.6+dfsg1-0+deb12u1
  • M
Cross-site Scripting (XSS)

<6.1.6+dfsg1-0+deb12u1
  • M
Directory Traversal

<6.1.6+dfsg1-0+deb12u1
  • L
Time-of-check Time-of-use (TOCTOU)

*
  • M
Cross-site Scripting (XSS)

<6.0.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<6.0.3+dfsg1-1
  • M
Improper Authentication

<6.0.3+dfsg1-1
  • M
Incorrect Default Permissions

<3.2.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<5.8.3+dfsg1-1
  • H
SQL Injection

<5.8.3+dfsg1-1
  • H
Deserialization of Untrusted Data

<5.8.3+dfsg1-1
  • H
SQL Injection

<5.8.3+dfsg1-1
  • C
CVE-2021-44223

<5.8.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.8.1+dfsg1-1
  • M
Information Exposure

<5.8.1+dfsg1-1
  • C
Deserialization of Untrusted Data

<5.5.3+dfsg1-1
  • L
XML External Entity (XXE) Injection

<5.7.1+dfsg1-1
  • M
Information Exposure

<5.7.1+dfsg1-1
  • M
Cross-site Request Forgery (CSRF)

<5.5.3+dfsg1-1
  • C
CVE-2020-28039

<5.5.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.5.3+dfsg1-1
  • C
Improper Privilege Management

<5.5.3+dfsg1-1
  • C
Improper Privilege Management

<5.5.3+dfsg1-1
  • C
Improper Input Validation

<5.5.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.5.3+dfsg1-1
  • H
CVE-2020-28033

<5.5.3+dfsg1-1
  • C
Deserialization of Untrusted Data

<5.5.3+dfsg1-1
  • M
CVE-2020-25286

<5.4.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.2+dfsg1-1
  • M
Open Redirect

<5.4.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.2+dfsg1-1
  • L
Authentication Bypass

<5.4.2+dfsg1-1
  • L
Cross-site Scripting (XSS)

<5.4.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • H
Weak Password Recovery Mechanism for Forgotten Password

<5.4.1+dfsg1-1
  • H
Missing Authentication for Critical Function

<5.4.1+dfsg1-1
  • M
Improper Privilege Management

<5.3.2+dfsg1-1
  • C
Improper Input Validation

<5.3.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.3.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.3.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.3.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.4+dfsg1-1
  • C
Server-Side Request Forgery (SSRF)

<5.2.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.4+dfsg1-1
  • M
Information Exposure

<5.2.4+dfsg1-1
  • C
Server-Side Request Forgery (SSRF)

<5.2.4+dfsg1-1
  • H
Improper Input Validation

<5.2.4+dfsg1-1
  • H
Cross-site Request Forgery (CSRF)

<5.2.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Open Redirect

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • L
Information Exposure

*
  • H
Cross-site Request Forgery (CSRF)

<5.1.1+dfsg1-1
  • H
Arbitrary Code Injection

<5.0.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.0.1+dfsg1-1
  • C
Deserialization of Untrusted Data

<5.0.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.0.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.0.1+dfsg1-1
  • M
Incorrect Authorization

<5.0.1+dfsg1-1
  • H
Information Exposure

<5.0.1+dfsg1-1
  • M
Improper Input Validation

<5.0.1+dfsg1-1
  • H
Improper Input Validation

<4.9.1+dfsg-1
  • L
Unrestricted Upload of File with Dangerous Type

*
  • H
Directory Traversal

<4.9.7+dfsg1-1
  • M
Open Redirect

<4.9.5+dfsg1-1
  • M
Open Redirect

<4.9.5+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4.9.5+dfsg1-1
  • L
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

<4.9.2+dfsg-1
  • H
Use of Insufficiently Random Values

<4.9.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.9.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.9.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.9.1+dfsg-1
  • C
SQL Injection

<4.8.3+dfsg-1
  • L
Inadequate Encryption Strength

*
  • M
Improper Input Validation

<4.1+dfsg-1
  • M
Cleartext Storage of Sensitive Information

<4.8.2+dfsg-2
  • H
Directory Traversal

<4.8.2+dfsg-1
  • H
Directory Traversal

<4.8.2+dfsg-1
  • M
Open Redirect

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • C
SQL Injection

<4.8.2+dfsg-1
  • H
Improper Input Validation

<4.7.5+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-1
  • H
Server-Side Request Forgery (SSRF)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-1
  • M
Weak Password Recovery Mechanism for Forgotten Password

<4.7.5+dfsg-2
  • H
CVE-2017-1001000

<4.7.2+dfsg-1
  • M
Incorrect Authorization

<4.7.3+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • M
Improper Input Validation

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.2+dfsg-1
  • C
SQL Injection

<4.7.2+dfsg-1
  • M
Information Exposure

<4.7.2+dfsg-1
  • M
Security Features

<4.6.1+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.6.1+dfsg-1
  • H
Directory Traversal

<4.6.1+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.1+dfsg-1
  • M
Information Exposure

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.1+dfsg-1
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.1+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.1+dfsg-1
  • M
Insecure Default Initialization of Resource

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.6.1+dfsg-1
  • M
Directory Traversal

<4.6.1+dfsg-1
  • H
Improper Authorization

<4.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.5+dfsg-1
  • H
CVE-2016-5832

<4.5.3+dfsg-1
  • H
CVE-2016-5837

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.3+dfsg-1
  • H
CVE-2016-5836

<4.5.3+dfsg-1
  • H
CVE-2016-5839

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.3+dfsg-1
  • H
Information Exposure

<4.5.3+dfsg-1
  • H
Credentials Management

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.3.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.3.1+dfsg-1
  • H
CVE-2016-2221

<4.4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.4.1+dfsg-1
  • H
CVE-2016-2222

<4.4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.2+dfsg-1
  • M
Access Restriction Bypass

<4.3.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • H
SQL Injection

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Information Exposure

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.1+dfsg-1
  • L
Cross-site Scripting (XSS)

<4.2.3+dfsg-1
  • M
Improper Access Control

<4.2.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Security Features

<4.0.1+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.0.1+dfsg-1
  • M
Improper Input Validation

<4.0.1+dfsg-1
  • M
Cryptographic Issues

<4.0.1+dfsg-1
  • M
Improper Data Handling

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • H
SQL Injection

<1.0.1-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.9.2+dfsg-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • H
CVE-2014-5203

<3.9.2+dfsg-1
  • H
CVE-2014-2053

<3.9.2+dfsg-1
  • M
Access Restriction Bypass

<3.8.2+dfsg-1
  • M
Improper Authentication

<3.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.4+dfsg-1
  • M
Access Restriction Bypass

<3.0.2-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Access Restriction Bypass

<3.0.2-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • L
Access Restriction Bypass

<3.0.1-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • M
Access Restriction Bypass

<3.2.1+dfsg-1
  • L
Cross-site Request Forgery (CSRF)

*
  • H
Improper Input Validation

<3.6.1+dfsg-1
  • L
Access Restriction Bypass

<3.6.1+dfsg-1
  • M
Improper Input Validation

<3.6.1+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.6.1+dfsg-1
  • H
Arbitrary Code Injection

<3.6.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Information Exposure

<3.5.2+dfsg-1
  • M
CVE-2013-0235

<3.5.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Improper Input Validation

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Cryptographic Issues

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.1+dfsg-2
  • L
Information Exposure

*
  • L
Cross-site Request Forgery (CSRF)

<3.5.1+dfsg-2
  • M
Access Restriction Bypass

<3.4.2+dfsg-1
  • M
Access Restriction Bypass

<3.0.3-1
  • L
Access Restriction Bypass

<3.4.2+dfsg-1
  • L
Access Restriction Bypass

<3.4.1+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.4.1+dfsg-1
  • M
Access Restriction Bypass

<3.4.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.2.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • C
CVE-2012-2400

<3.3.2+dfsg-1
  • C
CVE-2012-2399

<3.3.2+dfsg-1
  • L
CVE-2011-4899

*
  • L
Information Exposure

*
  • L
CVE-2012-0937

*
  • L
Cross-site Scripting (XSS)

*
  • L
Cross-site Scripting (XSS)

<3.3.1+dfsg-1
  • H
SQL Injection

<3.2.1+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • C
CVE-2011-3125

<3.2.1+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • H
Access Restriction Bypass

<3.2.1+dfsg-1
  • C
CVE-2011-3122

<3.2.1+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.0.5+dfsg-1
  • M
Information Exposure

<3.0.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • M
SQL Injection

<3.0.2-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • L
Access Restriction Bypass

<2.9.2-1
  • L
Cross-site Scripting (XSS)

<2.8.6-1
  • L
Arbitrary Code Injection

<2.8.6-1
  • M
Cryptographic Issues

<2.8.5-1
  • L
CVE-2008-7220

<2.5.0-2
  • L
Cross-site Scripting (XSS)

<2.8.3-1
  • M
Access Restriction Bypass

<2.8.3-1
  • C
Access Restriction Bypass

<2.8.3-1
  • L
Credentials Management

<2.8.3-2
  • L
Improper Authentication

<2.8.3-1
  • L
Improper Input Validation

<2.8.3-1
  • L
Access Restriction Bypass

<2.8.3-1
  • L
Configuration

<2.8.3-1
  • L
Configuration

<2.8.3-1
  • L
CVE-2008-6767

<2.8.3-1
  • L
Link Following

<2.8.3-1
  • L
Improper Input Validation

<2.3.2
  • L
Cross-site Scripting (XSS)

<2.5.1-11
  • M
Cross-site Request Forgery (CSRF)

<2.5.1-10
  • C
OS Command Injection

<2.5.1-9
  • H
Directory Traversal

<2.5.1-1
  • M
Improper Input Validation

<2.5.1-8
  • L
Access Restriction Bypass

<2.5.1-6
  • L
Improper Input Validation

<2.5.1-4
  • H
Access Restriction Bypass

<2.2.3-1
  • M
Cross-site Scripting (XSS)

<2.5.1-1
  • M
Improper Authentication

<2.5.1-1
  • M
Cross-site Scripting (XSS)

<2.5.0-1
  • M
Access Restriction Bypass

<2.3.3-1
  • M
Directory Traversal

<2.3.3-1
  • M
Cross-site Scripting (XSS)

<2.0.10-1
  • H
Directory Traversal

<2.1.0-1
  • L
Information Exposure

*
  • M
Cross-site Scripting (XSS)

<2.1.0-1
  • L
Information Exposure

<2.1.0-1
  • L
SQL Injection

<2.3.2-1
  • L
Improper Authentication

<2.5.0-1
  • L
Cross-site Scripting (XSS)

<2.3.1-1
  • L
Cross-site Scripting (XSS)

<2.0.2-1
  • L
Cross-site Scripting (XSS)

<2.0.4-1
  • M
SQL Injection

<2.2.3-1
  • L
Cross-site Request Forgery (CSRF)

<2.2.3-1
  • M
CVE-2007-4483

<2.1.3-1
  • M
CVE-2007-4154

<2.2.2-1
  • L
CVE-2007-4153

<2.2.2-1
  • M
CVE-2007-3639

<2.2.2-1
  • M
CVE-2007-3543

<2.2.1-1
  • M
CVE-2007-3544

<2.2.2-1
  • L
CVE-2007-3238

<2.2.2-1
  • M
CVE-2007-3215

<2.2.1-1
  • M
CVE-2007-3140

<2.2.1-1
  • H
CVE-2007-2821

<2.2-1
  • C
CVE-2007-2714

<2.2-1
  • L
CVE-2007-2627

<2.2.2-1
  • M
SQL Injection

<2.1.3-1
  • M
Access Restriction Bypass

<2.1.3-1
  • M
CVE-2007-1894

<2.1.3-1
  • L
Cross-site Scripting (XSS)

<2.1.3-1
  • M
CVE-2007-1622

<2.1.3-1
  • L
CVE-2007-1599

<2.2.2-1
  • M
CVE-2007-1244

<2.1.2-1
  • M
CVE-2007-1230

<2.1.2-1
  • L
CVE-2007-1049

<2.1.1-1
  • L
Access Restriction Bypass

<2.1.0-1
  • L
CVE-2007-0540

<2.1.0-1
  • L
CVE-2007-0539

<2.1.0-1
  • H
CVE-2007-0262

<2.0.8-1
  • L
CVE-2007-0233

<2.1.0-1
  • L
CVE-2007-0109

<2.0.6-1
  • M
CVE-2007-0107

<2.0.6-1
  • M
CVE-2007-0106

<2.0.6-1
  • M
CVE-2006-6808

<2.0.6-1
  • M
CVE-2006-6016

<2.0.5-0.1
  • M
CVE-2006-6017

<2.0.5-0.1
  • M
CVE-2006-5705

<2.0.5-0.1
  • L
CVE-2006-4743

<2.0.5-0.1
  • L
CVE-2006-4208

<2.0.5-0.1
  • C
CVE-2006-4028

<2.0.4-1
  • L
CVE-2006-3389

<2.0.4-1
  • L
CVE-2006-3390

<2.0.4-1
  • M
CVE-2006-2702

<2.0.3-1
  • M
CVE-2006-2667

<2.0.3-1
  • M
CVE-2006-1796

<2.0.1
  • M
CVE-2006-1263

<2.0.2-1
  • H
CVE-2006-1012

<2.0.1-1
  • M
CVE-2006-0985

<2.0.2-1
  • L
CVE-2006-0986

<2.0.2-1
  • L
CVE-2006-0733

*
  • M
Directory Traversal

<2.5.1-3
  • L
CVE-2005-4463

<1.5.2-1
  • H
CVE-2005-2612

<1.5.2-1
  • H
CVE-2005-2108

<1.5.1.3-1
  • M
CVE-2005-2109

<1.5.1.3-1
  • M
CVE-2005-2110

<1.5.1.3-1
  • M
CVE-2005-2107

<1.5.1.3-1
  • H
CVE-2005-1810

<1.5.1.2-1
  • H
CVE-2005-1687

<1.5.1-1
  • M
CVE-2005-1688

<1.5.1-1
  • M
CVE-2004-1584

<1.2.1-1.1
  • M
CVE-2004-1559

<1.2.2-1.1