wordpress vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • L
Cross-site Scripting (XSS)

*
  • L
Information Exposure

*
  • L
Incorrect Resource Transfer Between Spheres

*
  • H
CVE-2024-4439

<6.5.2+dfsg1-1
  • L
CVE-2024-31210

<6.4.3+dfsg1-1
  • M
CVE-2023-5561

<6.3.2+dfsg1-1
  • H
SQL Injection

<5.8.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<6.3.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<6.0.3+dfsg1-1
  • L
Cross-site Scripting (XSS)

<6.5.5+dfsg1-1
  • C
CVE-2020-28039

<5.5.3+dfsg1-1
  • H
SQL Injection

<5.8.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.2+dfsg1-1
  • C
Deserialization of Untrusted Data

<5.5.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<6.0.3+dfsg1-1
  • M
Information Exposure

<5.8.1+dfsg1-1
  • L
XML External Entity (XXE) Injection

<5.7.1+dfsg1-1
  • H
Cross-site Request Forgery (CSRF)

<5.2.4+dfsg1-1
  • L
Cross-site Scripting (XSS)

<5.4.2+dfsg1-1
  • M
Cross-site Request Forgery (CSRF)

<5.5.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
Information Exposure

<5.2.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
Directory Traversal

<6.2.1+dfsg1-1
  • H
Arbitrary Code Injection

<5.0.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.4+dfsg1-1
  • C
Server-Side Request Forgery (SSRF)

<5.2.4+dfsg1-1
  • H
CVE-2020-28033

<5.5.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.0.1+dfsg1-1
  • H
Missing Authentication for Critical Function

<5.4.1+dfsg1-1
  • H
Improper Input Validation

<5.2.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • H
Improper Input Validation

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-1
  • M
Improper Input Validation

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.5.3+dfsg1-1
  • C
Deserialization of Untrusted Data

<5.0.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.3.2+dfsg1-1
  • M
Improper Input Validation

<5.0.1+dfsg1-1
  • H
Server-Side Request Forgery (SSRF)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-1
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<4.7.1+dfsg-1
  • H
Directory Traversal

<4.9.7+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4.9.1+dfsg-1
  • M
Open Redirect

<4.8.2+dfsg-1
  • C
SQL Injection

<4.7.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.1+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<5.0.1+dfsg1-1
  • H
Cross-site Request Forgery (CSRF)

<4.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • H
Directory Traversal

<4.6.1+dfsg-1
  • H
Directory Traversal

<4.8.2+dfsg-1
  • M
Information Exposure

<4.7.1+dfsg-1
  • H
Credentials Management

<4.5.3+dfsg-1
  • C
SQL Injection

<4.8.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.3+dfsg-1
  • M
Security Features

<4.6.1+dfsg-1
  • H
CVE-2016-5839

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.3.1+dfsg-1
  • L
CVE-2023-5692

<6.5+dfsg1-1
  • H
CVE-2016-2221

<4.4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<6.0.2+dfsg1-1
  • M
Information Exposure

<4.2.4+dfsg-1
  • H
Directory Traversal

<4.8.2+dfsg-1
  • L
CVE-2024-31211

<6.4.2+dfsg1-1
  • H
Deserialization of Untrusted Data

<5.8.3+dfsg1-1
  • M
Cross-site Request Forgery (CSRF)

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Access Restriction Bypass

<4.3.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2+dfsg-1
  • H
Improper Authorization

<4.5+dfsg-1
  • H
CVE-2016-2222

<4.4.2+dfsg-1
  • L
Cross-site Scripting (XSS)

<4.2.3+dfsg-1
  • M
Improper Data Handling

<4.0.1+dfsg-1
  • M
Improper Access Control

<4.2.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Improper Authentication

<3.8.2+dfsg-1
  • M
Improper Input Validation

<4.0.1+dfsg-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<5.8.1+dfsg1-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • H
CVE-2016-5836

<4.5.3+dfsg-1
  • L
Cross-site Request Forgery (CSRF)

*
  • H
Improper Input Validation

<3.6.1+dfsg-1
  • C
Deserialization of Untrusted Data

<5.5.3+dfsg1-1
  • C
Improper Privilege Management

<5.5.3+dfsg1-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.9.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.2+dfsg-1
  • H
CVE-2014-5203

<3.9.2+dfsg-1
  • M
Cryptographic Issues

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • H
CVE-2014-2053

<3.9.2+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<5.1.1+dfsg1-1
  • C
Server-Side Request Forgery (SSRF)

<5.2.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Improper Input Validation

<3.5.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • H
SQL Injection

<4.2.4+dfsg-1
  • M
Open Redirect

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4.9.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • L
Cross-site Request Forgery (CSRF)

<3.5.1+dfsg-2
  • L
Access Restriction Bypass

<3.4.1+dfsg-1
  • M
Access Restriction Bypass

<3.2.1+dfsg-1
  • M
Incorrect Default Permissions

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Access Restriction Bypass

<3.5.1+dfsg-2
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • L
CVE-2011-4899

*
  • L
Cross-site Scripting (XSS)

<3.0.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • L
Unrestricted Upload of File with Dangerous Type

*
  • H
SQL Injection

<3.2.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • L
Improper Input Validation

<2.8.3-1
  • M
Access Restriction Bypass

<3.0.2-1
  • L
Improper Authentication

<2.8.3-1
  • L
Information Exposure

*
  • H
Arbitrary Code Injection

<3.6.1+dfsg-1
  • M
SQL Injection

<3.0.2-1
  • M
Access Restriction Bypass

<3.0.3-1
  • H
Directory Traversal

<2.5.1-1
  • M
Cross-site Scripting (XSS)

<5.0.1+dfsg1-1
  • L
Cross-site Scripting (XSS)

<2.5.1-11
  • C
Access Restriction Bypass

<2.8.3-1
  • L
Information Exposure

*
  • L
Improper Input Validation

<2.5.1-4
  • C
CVE-2011-3122

<3.2.1+dfsg-1
  • L
Arbitrary Code Injection

<2.8.6-1
  • H
Use of Insufficiently Random Values

<4.9.1+dfsg-1
  • L
Configuration

<2.8.3-1
  • L
Cross-site Scripting (XSS)

<2.8.3-1
  • H
Directory Traversal

<2.1.0-1
  • C
SQL Injection

<4.8.2+dfsg-1
  • C
CVE-2012-2399

<3.3.2+dfsg-1
  • H
Improper Input Validation

<4.9.1+dfsg-1
  • H
Access Restriction Bypass

<2.2.3-1
  • M
Cross-site Scripting (XSS)

<4.6.1+dfsg-1
  • L
Access Restriction Bypass

<2.5.1-6
  • L
Information Exposure

<2.1.0-1
  • M
Improper Authentication

<2.5.1-1
  • L
CVE-2007-3238

<2.2.2-1
  • M
Cross-site Scripting (XSS)

<4.5+dfsg-1
  • L
Cross-site Scripting (XSS)

<2.0.2-1
  • M
Cross-site Request Forgery (CSRF)

<2.5.1-10
  • M
SQL Injection

<2.2.3-1
  • M
Cross-site Scripting (XSS)

<2.0.10-1
  • M
Directory Traversal

<4.6.1+dfsg-1
  • L
CVE-2007-4153

<2.2.2-1
  • L
CVE-2007-2627

<2.2.2-1
  • M
Cross-site Scripting (XSS)

<4.9.1+dfsg-1
  • H
CVE-2016-5837

<4.5.3+dfsg-1
  • C
CVE-2007-2714

<2.2-1
  • M
Cross-site Scripting (XSS)

<4.4.1+dfsg-1
  • L
Access Restriction Bypass

<2.1.0-1
  • M
CVE-2007-4154

<2.2.2-1
  • L
SQL Injection

<2.3.2-1
  • L
Improper Authentication

<2.5.0-1
  • L
CVE-2008-6767

<2.8.3-1
  • M
CVE-2007-3543

<2.2.1-1
  • M
Access Restriction Bypass

<2.3.3-1
  • M
CVE-2007-4483

<2.1.3-1
  • M
CVE-2006-6017

<2.0.5-0.1
  • L
CVE-2006-4208

<2.0.5-0.1
  • M
CVE-2007-3140

<2.2.1-1
  • M
CVE-2007-3215

<2.2.1-1
  • C
CVE-2021-44223

<5.8.1+dfsg1-1
  • L
CVE-2007-1599

<2.2.2-1
  • L
Information Exposure

*
  • H
Inadequate Encryption Strength

<6.8.1+dfsg1-1
  • M
Open Redirect

<5.4.2+dfsg1-1
  • L
Authentication Bypass

<5.4.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.8.3+dfsg1-1
  • L
Access Restriction Bypass

<3.6.1+dfsg-1
  • L
CVE-2007-0540

<2.1.0-1
  • L
CVE-2007-0539

<2.1.0-1
  • M
Access Restriction Bypass

<3.4.2+dfsg-1
  • C
Improper Input Validation

<5.5.3+dfsg1-1
  • L
CVE-2007-1049

<2.1.1-1
  • M
CVE-2007-0106

<2.0.6-1
  • M
CVE-2007-1244

<2.1.2-1
  • M
Cross-site Scripting (XSS)

<5.5.3+dfsg1-1
  • M
CVE-2005-1688

<1.5.1-1
  • M
Information Exposure

<3.5.2+dfsg-1
  • M
CVE-2006-2702

<2.0.3-1
  • M
CVE-2004-1559

<1.2.2-1.1
  • L
CVE-2006-0986

<2.0.2-1
  • L
Cross-site Scripting (XSS)

<3.3.1+dfsg-1
  • L
Access Restriction Bypass

<3.0.1-1
  • L
CVE-2005-4463

<1.5.2-1
  • M
Access Restriction Bypass

<3.0.2-1
  • L
Access Restriction Bypass

<2.9.2-1
  • H
SQL Injection

<1.0.1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
CVE-2005-2107

<1.5.1.3-1
  • H
CVE-2005-2612

<1.5.2-1
  • H
CVE-2006-1012

<2.0.1-1
  • M
Cross-site Scripting (XSS)

<5.4.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • M
Cross-site Scripting (XSS)

<5.2.4+dfsg1-1
  • M
Cryptographic Issues

<2.8.5-1
  • L
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

<5.3.2+dfsg1-1
  • M
Improper Privilege Management

<5.3.2+dfsg1-1
  • M
Open Redirect

<4.9.5+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Improper Input Validation

<2.5.1-8
  • M
Cross-site Scripting (XSS)

<2.5.1-1
  • M
Incorrect Authorization

<5.0.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • L
Credentials Management

<2.8.3-2
  • M
Cross-site Scripting (XSS)

<4.7.2+dfsg-1
  • C
OS Command Injection

<2.5.1-9
  • M
Open Redirect

<4.9.5+dfsg1-1
  • M
Cross-site Request Forgery (CSRF)

<4.7.3+dfsg-1
  • C
Improper Input Validation

<5.3.2+dfsg1-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.1+dfsg-1
  • M
Cleartext Storage of Sensitive Information

<4.8.2+dfsg-2
  • M
Weak Password Recovery Mechanism for Forgotten Password

<4.7.5+dfsg-2
  • L
Cross-site Scripting (XSS)

<2.3.1-1
  • L
Cross-site Scripting (XSS)

<2.0.4-1
  • M
Incorrect Authorization

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<2.5.0-1
  • H
CVE-2017-1001000

<4.7.2+dfsg-1
  • M
Insecure Default Initialization of Resource

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
CVE-2007-3639

<2.2.2-1
  • M
CVE-2007-1230

<2.1.2-1
  • H
CVE-2016-5832

<4.5.3+dfsg-1
  • H
CVE-2007-0262

<2.0.8-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • L
CVE-2006-3390

<2.0.4-1
  • L
CVE-2007-0109

<2.0.6-1
  • M
Cross-site Scripting (XSS)

<4.2.2+dfsg-1
  • M
Access Restriction Bypass

<2.1.3-1
  • M
Security Features

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • L
CVE-2006-3389

<2.0.4-1
  • M
Cross-site Scripting (XSS)

<4.2.2+dfsg-1
  • M
CVE-2005-2109

<1.5.1.3-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
CVE-2006-0985

<2.0.2-1
  • M
CVE-2006-5705

<2.0.5-0.1
  • M
Improper Input Validation

<3.6.1+dfsg-1
  • H
CVE-2005-1687

<1.5.1-1
  • M
Cryptographic Issues

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.4+dfsg-1
  • M
CVE-2013-0235

<3.5.1+dfsg-1
  • L
Access Restriction Bypass

<3.4.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.4.1+dfsg-1
  • L
CVE-2006-0733

*
  • M
Access Restriction Bypass

<3.4.1+dfsg-1
  • L
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

<3.2.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • M
Information Exposure

<3.0.5+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<2.8.3-1
  • L
Cross-site Scripting (XSS)

<2.8.6-1
  • L
Configuration

<2.8.3-1
  • M
CVE-2007-1894

<2.1.3-1
  • M
CVE-2007-1622

<2.1.3-1
  • H
CVE-2007-2821

<2.2-1
  • M
CVE-2007-3544

<2.2.2-1
  • M
CVE-2024-6307

<6.5.5+dfsg1-1
  • M
Cross-site Scripting (XSS)

<2.1.0-1
  • M
CVE-2006-2667

<2.0.3-1
  • M
Information Exposure

<6.3.2+dfsg1-1
  • M
Improper Authentication

<6.0.3+dfsg1-1
  • L
CVE-2007-0233

<2.1.0-1
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • M
Information Exposure

<5.7.1+dfsg1-1
  • M
CVE-2006-1263

<2.0.2-1
  • H
CVE-2005-1810

<1.5.1.2-1
  • C
Improper Privilege Management

<5.5.3+dfsg1-1
  • M
CVE-2007-0107

<2.0.6-1
  • M
CVE-2020-25286

<5.4.2+dfsg1-1
  • H
Weak Password Recovery Mechanism for Forgotten Password

<5.4.1+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.3.2+dfsg1-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4.9.5+dfsg1-1
  • H
Information Exposure

<5.0.1+dfsg1-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • M
Information Exposure

<4.7.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<5.2.3+dfsg1-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.9.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.8.2+dfsg-1
  • M
Improper Input Validation

<4.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.3+dfsg-1
  • H
Information Exposure

<4.5.3+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.6.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.3.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.8.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.0.1+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.6.1+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • C
CVE-2012-2400

<3.3.2+dfsg-1
  • L
CVE-2012-0937

*
  • H
Access Restriction Bypass

<3.2.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • C
CVE-2011-3125

<3.2.1+dfsg-1
  • L
Access Restriction Bypass

<2.8.3-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • L
Improper Input Validation

<2.3.2
  • L
CVE-2008-7220

<2.5.0-2
  • M
Directory Traversal

<2.3.3-1
  • L
Link Following

<2.8.3-1
  • L
Information Exposure

*
  • L
Cross-site Scripting (XSS)

<2.1.3-1
  • L
CVE-2006-4743

<2.0.5-0.1
  • M
CVE-2006-6808

<2.0.6-1
  • C
CVE-2006-4028

<2.0.4-1
  • M
SQL Injection

<2.1.3-1
  • L
Cross-site Request Forgery (CSRF)

<2.2.3-1
  • M
CVE-2005-2110

<1.5.1.3-1
  • M
CVE-2004-1584

<1.2.1-1.1
  • M
CVE-2006-1796

<2.0.1
  • H
CVE-2005-2108

<1.5.1.3-1
  • M
Directory Traversal

<2.5.1-3
  • M
CVE-2006-6016

<2.0.5-0.1