Homepage

wordpress vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Scripting (XSS)

<4.1.31+dfsg-0+deb8u1
  • M
Open Redirect

<4.1.31+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.31+dfsg-0+deb8u1
  • L
Authentication Bypass

<4.1.31+dfsg-0+deb8u1
  • L
Cross-site Scripting (XSS)

<4.1.31+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.30+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.30+dfsg-0+deb8u1
  • H
Weak Password Recovery Mechanism for Forgotten Password

<4.1.30+dfsg-0+deb8u1
  • H
Missing Authentication for Critical Function

<4.1.30+dfsg-0+deb8u1
  • C
Improper Input Validation

<4.1.29+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

*
  • C
Server-Side Request Forgery (SSRF)

<4.1.28+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

*
  • M
Information Exposure

<4.1.28+dfsg-0+deb8u1
  • C
Server-Side Request Forgery (SSRF)

<4.1.28+dfsg-0+deb8u1
  • H
Cross-site Request Forgery (CSRF)

<4.1.28+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.27+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.27+dfsg-0+deb8u1
  • M
Open Redirect

<4.1.27+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.27+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.27+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.27+dfsg-0+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.27+dfsg-0+deb8u1
  • M
Information Exposure

*
  • H
Cross-site Request Forgery (CSRF)

<4.1.26+dfsg-1+deb8u1
  • H
Arbitrary Code Injection

<4.1.26+dfsg-1+deb8u1
  • M
Directory Traversal

*
  • C
Deserialization of Untrusted Data

<4.1.25+dfsg-1+deb8u1
  • M
Improper Input Validation

<4.1.25+dfsg-1+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.25+dfsg-1+deb8u1
  • M
Incorrect Authorization

<4.1.25+dfsg-1+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.25+dfsg-1+deb8u1
  • H
Information Exposure

<4.1.25+dfsg-1+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1.25+dfsg-1+deb8u1
  • H
Improper Input Validation

*
  • H
Improper Input Validation

*
  • H
Unrestricted Upload of File with Dangerous Type

*
  • H
Directory Traversal

<4.1+dfsg-1+deb8u18
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u17
  • M
Open Redirect

<4.1+dfsg-1+deb8u17
  • H
Resource Exhaustion

*
  • H
Use of Insufficiently Random Values

<4.1+dfsg-1+deb8u16
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u16
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u16
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u16
  • C
SQL Injection

<4.1+dfsg-1+deb8u16
  • H
Inadequate Encryption Strength

*
  • M
Improper Input Validation

<4.1+dfsg-1
  • M
Cleartext Storage of Sensitive Information

<4.1+dfsg-1+deb8u15
  • H
Directory Traversal

<4.1+dfsg-1+deb8u15
  • M
Open Redirect

<4.1+dfsg-1+deb8u15
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u15
  • H
Directory Traversal

<4.1+dfsg-1+deb8u15
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u15
  • C
SQL Injection

<4.1+dfsg-1+deb8u15
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u15
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u15
  • H
Cross-site Request Forgery (CSRF)

<4.1+dfsg-1+deb8u14
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u14
  • H
Improper Input Validation

<4.1+dfsg-1+deb8u14
  • H
Server-Side Request Forgery (SSRF)

<4.1+dfsg-1+deb8u16
  • H
Cross-site Request Forgery (CSRF)

<4.1+dfsg-1+deb8u14
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u14
  • M
Weak Password Recovery Mechanism for Forgotten Password

<4.1+dfsg-1+deb8u14
  • M
Incorrect Authorization

<4.1+dfsg-1+deb8u13
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u13
  • M
Improper Input Validation

<4.1+dfsg-1+deb8u13
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u13
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u12
  • M
Information Exposure

<4.1+dfsg-1+deb8u12
  • C
SQL Injection

<4.1+dfsg-1+deb8u12
  • H
Cross-site Request Forgery (CSRF)

<4.1+dfsg-1+deb8u12
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<4.1+dfsg-1+deb8u12
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u12
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u12
  • H
Cross-site Request Forgery (CSRF)

<4.1+dfsg-1+deb8u12
  • M
Insecure Default Initialization of Resource

<4.1+dfsg-1+deb8u12
  • M
Directory Traversal

<4.1+dfsg-1+deb8u10
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u10
  • H
Improper Authorization

<4.1+dfsg-1+deb8u10
  • H
Cross-site Request Forgery (CSRF)

<4.1+dfsg-1+deb8u10
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u10
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u9
  • H
CVE-2016-5839

<4.1+dfsg-1+deb8u9
  • H
Credentials Management

<4.1+dfsg-1+deb8u9
  • H
CVE-2016-5836

<4.1+dfsg-1+deb8u18
  • H
Information Exposure

<4.1+dfsg-1+deb8u9
  • H
CVE-2016-5832

<4.1+dfsg-1+deb8u9
  • H
CVE-2016-5837

<4.1+dfsg-1+deb8u9
  • M
Access Restriction Bypass

<4.1+dfsg-1+deb8u5
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u9
  • H
CVE-2016-2222

<4.1+dfsg-1+deb8u8
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u7
  • H
CVE-2016-2221

<4.1+dfsg-1+deb8u8
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u5
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u5
  • M
Cross-site Request Forgery (CSRF)

<4.1+dfsg-1+deb8u4
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u4
  • M
Information Exposure

<4.1+dfsg-1+deb8u4
  • H
SQL Injection

<4.1+dfsg-1+deb8u4
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u4
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u1
  • M
Improper Access Control

<4.1+dfsg-1+deb8u2
  • L
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u4
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u1
  • M
Cross-site Scripting (XSS)

<4.1+dfsg-1+deb8u2
  • M
Improper Input Validation

<4.0.1+dfsg-1
  • M
Cryptographic Issues

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Improper Data Handling

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.0.1+dfsg-1
  • M
Security Features

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • H
SQL Injection

<1.0.1-1
  • L
Cross-site Scripting (XSS)

<3.9.2+dfsg-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • H
CVE-2014-5203

<3.9.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • H
CVE-2014-2053

<3.9.2+dfsg-1
  • M
Access Restriction Bypass

<3.8.2+dfsg-1
  • M
Improper Authentication

<3.8.2+dfsg-1
  • M
Access Restriction Bypass

<3.0.2-1
  • M
Access Restriction Bypass

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.4+dfsg-1
  • L
Access Restriction Bypass

<3.0.1-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • M
Access Restriction Bypass

<3.0.2-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • M
Cross-site Request Forgery (CSRF)

*
  • L
Cross-site Scripting (XSS)

<3.6.1+dfsg-1
  • H
Improper Input Validation

<3.6.1+dfsg-1
  • L
Access Restriction Bypass

<3.6.1+dfsg-1
  • M
Improper Input Validation

<3.6.1+dfsg-1
  • H
Arbitrary Code Injection

<3.6.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
CVE-2013-0235

<3.5.1+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Improper Input Validation

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Information Exposure

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Cryptographic Issues

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.1+dfsg-2
  • L
Information Exposure

*
  • M
Cross-site Request Forgery (CSRF)

<3.5.1+dfsg-2
  • L
Access Restriction Bypass

<3.4.2+dfsg-1
  • M
Access Restriction Bypass

<3.0.3-1
  • M
Access Restriction Bypass

<3.4.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.4.1+dfsg-1
  • L
Access Restriction Bypass

<3.4.1+dfsg-1
  • M
Access Restriction Bypass

<3.4.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.2.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • C
CVE-2012-2399

<3.3.2+dfsg-1
  • C
CVE-2012-2400

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

*
  • H
CVE-2011-4899

*
  • M
CVE-2012-0937

*
  • M
Information Exposure

*
  • L
Cross-site Scripting (XSS)

<3.3.1+dfsg-1
  • H
Access Restriction Bypass

<3.2.1+dfsg-1
  • H
SQL Injection

<3.2.1+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • C
CVE-2011-3125

<3.2.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • C
CVE-2011-3122

<3.2.1+dfsg-1
  • M
Information Exposure

<3.0.5+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.0.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • M
SQL Injection

<3.0.2-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • M
Access Restriction Bypass

<2.9.2-1
  • L
Cross-site Scripting (XSS)

<2.8.6-1
  • M
Arbitrary Code Injection

<2.8.6-1
  • M
Cryptographic Issues

<2.8.5-1
  • H
CVE-2008-7220

<2.5.0-2
  • M
Access Restriction Bypass

<2.8.3-1
  • C
Access Restriction Bypass

<2.8.3-1
  • M
Cross-site Scripting (XSS)

<2.8.3-1
  • H
Credentials Management

<2.8.3-2
  • M
Improper Input Validation

<2.8.3-1
  • M
Configuration

<2.8.3-1
  • M
Access Restriction Bypass

<2.8.3-1
  • M
Configuration

<2.8.3-1
  • M
Improper Authentication

<2.8.3-1
  • C
CVE-2008-6767

<2.8.3-1
  • M
Link Following

<2.8.3-1
  • H
Improper Input Validation

<2.3.2
  • M
Cross-site Scripting (XSS)

<2.5.1-11
  • M
Cross-site Request Forgery (CSRF)

<2.5.1-10
  • C
OS Command Injection

<2.5.1-9
  • H
Directory Traversal

<2.5.1-1
  • M
Improper Input Validation

<2.5.1-8
  • H
Access Restriction Bypass

<2.5.1-6
  • H
Improper Input Validation

<2.5.1-4
  • H
Access Restriction Bypass

<2.2.3-1
  • M
Cross-site Scripting (XSS)

<2.5.1-1
  • H
Improper Authentication

<2.5.1-1
  • M
Cross-site Scripting (XSS)

<2.5.0-1
  • M
Access Restriction Bypass

<2.3.3-1
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

<2.0.10-1
  • M
Information Exposure

<2.1.0-1
  • M
Directory Traversal

<2.3.3-1
  • M
Cross-site Scripting (XSS)

<2.1.0-1
  • H
Directory Traversal

<2.1.0-1
  • M
SQL Injection

<2.3.2-1
  • C
Improper Authentication

<2.5.0-1
  • L
Cross-site Scripting (XSS)

<2.3.1-1
  • M
Cross-site Scripting (XSS)

<2.0.4-1
  • M
Cross-site Scripting (XSS)

<2.0.2-1
  • H
SQL Injection

<2.2.3-1
  • M
Cross-site Request Forgery (CSRF)

<2.2.3-1
  • M
CVE-2007-4483

<2.1.3-1
  • L
CVE-2007-4153

<2.2.2-1
  • M
CVE-2007-4154

<2.2.2-1
  • M
CVE-2007-3639

<2.2.2-1
  • M
CVE-2007-3543

<2.2.1-1
  • M
CVE-2007-3544

<2.2.2-1
  • M
CVE-2007-3238

<2.2.2-1
  • M
CVE-2007-3215

<2.2.1-1
  • M
CVE-2007-3140

<2.2.1-1
  • H
CVE-2007-2821

<2.2-1
  • C
CVE-2007-2714

<2.2-1
  • M
CVE-2007-2627

<2.2.2-1
  • M
CVE-2007-1894

<2.1.3-1
  • M
SQL Injection

<2.1.3-1
  • M
Access Restriction Bypass

<2.1.3-1
  • L
Cross-site Scripting (XSS)

<2.1.3-1
  • M
CVE-2007-1622

<2.1.3-1
  • M
CVE-2007-1599

<2.2.2-1
  • M
CVE-2007-1244

<2.1.2-1
  • M
CVE-2007-1230

<2.1.2-1
  • M
CVE-2007-1049

<2.1.1-1
  • M
CVE-2007-0540

<2.1.0-1
  • M
Access Restriction Bypass

<2.1.0-1
  • H
CVE-2007-0539

<2.1.0-1
  • H
CVE-2007-0262

<2.0.8-1
  • H
CVE-2007-0233

<2.1.0-1
  • M
CVE-2007-0106

<2.0.6-1
  • M
CVE-2007-0109

<2.0.6-1
  • M
CVE-2007-0107

<2.0.6-1
  • M
CVE-2006-6808

<2.0.6-1
  • M
CVE-2006-6017

<2.0.5-0.1
  • M
CVE-2006-6016

<2.0.5-0.1
  • M
CVE-2006-5705

<2.0.5-0.1
  • M
CVE-2006-4743

<2.0.5-0.1
  • M
CVE-2006-4208

<2.0.5-0.1
  • C
CVE-2006-4028

<2.0.4-1
  • M
CVE-2006-3390

<2.0.4-1
  • M
CVE-2006-3389

<2.0.4-1
  • M
CVE-2006-2702

<2.0.3-1
  • H
CVE-2006-2667

<2.0.3-1
  • M
CVE-2006-1796

<2.0.1
  • M
CVE-2006-1263

<2.0.2-1
  • H
CVE-2006-1012

<2.0.1-1
  • M
CVE-2006-0986

<2.0.2-1
  • M
CVE-2006-0985

<2.0.2-1
  • L
CVE-2006-0733

*
  • M
Directory Traversal

<2.5.1-3
  • M
CVE-2005-4463

<1.5.2-1
  • H
CVE-2005-2612

<1.5.2-1
  • H
CVE-2005-2108

<1.5.1.3-1
  • M
CVE-2005-2107

<1.5.1.3-1
  • M
CVE-2005-2109

<1.5.1.3-1
  • M
CVE-2005-2110

<1.5.1.3-1
  • H
CVE-2005-1810

<1.5.1.2-1
  • H
CVE-2005-1687

<1.5.1-1
  • M
CVE-2005-1688

<1.5.1-1
  • M
CVE-2004-1559

<1.2.2-1.1
  • M
CVE-2004-1584

<1.2.1-1.1