wordpress vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Incorrect Default Permissions

<3.2.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.22+dfsg-0+deb9u1
  • H
SQL Injection

<4.7.22+dfsg-0+deb9u1
  • H
Deserialization of Untrusted Data

<4.7.22+dfsg-0+deb9u1
  • H
SQL Injection

<4.7.22+dfsg-0+deb9u1
  • L
CVE-2021-44223

*
  • C
Deserialization of Untrusted Data

<4.7.19+dfsg-1+deb9u1
  • M
XML External Entity (XXE) Injection

<4.7.20+dfsg-1+deb9u1
  • M
Information Exposure

<4.7.20+dfsg-1+deb9u1
  • M
Cross-site Request Forgery (CSRF)

<4.7.19+dfsg-1+deb9u1
  • C
CVE-2020-28039

<4.7.19+dfsg-1+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.19+dfsg-1+deb9u1
  • C
Improper Privilege Management

<4.7.19+dfsg-1+deb9u1
  • C
Improper Privilege Management

<4.7.19+dfsg-1+deb9u1
  • C
Improper Input Validation

<4.7.19+dfsg-1+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.19+dfsg-1+deb9u1
  • H
CVE-2020-28033

<4.7.19+dfsg-1+deb9u1
  • C
Deserialization of Untrusted Data

<4.7.19+dfsg-1+deb9u1
  • M
CVE-2020-25286

<4.7.18+dfsg-1+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.18+dfsg-1+deb9u1
  • M
Open Redirect

<4.7.18+dfsg-1+deb9u1
  • L
Authentication Bypass

<4.7.18+dfsg-1+deb9u1
  • L
Cross-site Scripting (XSS)

<4.7.18+dfsg-1+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • H
Weak Password Recovery Mechanism for Forgotten Password

<4.7.5+dfsg-2+deb9u6
  • H
Missing Authentication for Critical Function

<4.7.5+dfsg-2+deb9u6
  • M
Improper Privilege Management

<4.7.5+dfsg-2+deb9u6
  • C
Improper Input Validation

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • C
Server-Side Request Forgery (SSRF)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Information Exposure

<4.7.5+dfsg-2+deb9u6
  • C
Server-Side Request Forgery (SSRF)

<4.7.18+dfsg-1+deb9u1
  • H
Improper Input Validation

<4.7.5+dfsg-2+deb9u6
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Open Redirect

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u6
  • L
Information Exposure

*
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-2+deb9u6
  • H
Arbitrary Code Injection

<4.7.5+dfsg-2+deb9u5
  • M
Incorrect Authorization

<4.7.5+dfsg-2+deb9u5
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u5
  • M
Improper Input Validation

<4.7.5+dfsg-2+deb9u5
  • C
Deserialization of Untrusted Data

<4.7.5+dfsg-2+deb9u5
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u5
  • H
Information Exposure

<4.7.5+dfsg-2+deb9u5
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u5
  • H
Improper Input Validation

*
  • L
Unrestricted Upload of File with Dangerous Type

*
  • H
Directory Traversal

<4.7.5+dfsg-2+deb9u4
  • M
Open Redirect

<4.7.5+dfsg-2+deb9u3
  • M
Open Redirect

<4.7.5+dfsg-2+deb9u3
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u3
  • L
Resource Exhaustion

*
  • H
Use of Insufficiently Random Values

<4.7.5+dfsg-2+deb9u2
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u2
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u2
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u2
  • C
SQL Injection

<4.7.5+dfsg-2+deb9u2
  • L
Inadequate Encryption Strength

*
  • M
Improper Input Validation

<4.1+dfsg-1
  • M
Cleartext Storage of Sensitive Information

<4.7.5+dfsg-2+deb9u1
  • C
SQL Injection

<4.7.5+dfsg-2+deb9u1
  • H
Directory Traversal

<4.7.5+dfsg-2+deb9u1
  • M
Open Redirect

<4.7.5+dfsg-2+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u1
  • H
Directory Traversal

<4.7.5+dfsg-2+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-2+deb9u1
  • H
Server-Side Request Forgery (SSRF)

<4.7.5+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-1
  • H
Improper Input Validation

<4.7.5+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.5+dfsg-1
  • M
Weak Password Recovery Mechanism for Forgotten Password

<4.7.5+dfsg-2
  • H
CVE-2017-1001000

<4.7.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • M
Improper Input Validation

<4.7.3+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.7.3+dfsg-1
  • M
Incorrect Authorization

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.3+dfsg-1
  • C
SQL Injection

<4.7.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.2+dfsg-1
  • M
Information Exposure

<4.7.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.6.1+dfsg-1
  • M
Security Features

<4.6.1+dfsg-1
  • H
Directory Traversal

<4.6.1+dfsg-1
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.1+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.1+dfsg-1
  • M
Information Exposure

<4.7.1+dfsg-1
  • M
Insecure Default Initialization of Resource

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.7.1+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.7.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.6.1+dfsg-1
  • M
Directory Traversal

<4.6.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<4.5+dfsg-1
  • H
Improper Authorization

<4.5+dfsg-1
  • H
CVE-2016-5836

<4.5.3+dfsg-1
  • H
Credentials Management

<4.5.3+dfsg-1
  • H
CVE-2016-5839

<4.5.3+dfsg-1
  • H
CVE-2016-5832

<4.5.3+dfsg-1
  • H
Information Exposure

<4.5.3+dfsg-1
  • H
CVE-2016-5837

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.3.1+dfsg-1
  • M
Access Restriction Bypass

<4.3.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.3.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.4.1+dfsg-1
  • H
CVE-2016-2221

<4.4.2+dfsg-1
  • H
CVE-2016-2222

<4.4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.5.2+dfsg-1
  • H
SQL Injection

<4.2.4+dfsg-1
  • M
Information Exposure

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.1+dfsg-1
  • L
Cross-site Scripting (XSS)

<4.2.3+dfsg-1
  • M
Improper Access Control

<4.2.3+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.2.2+dfsg-1
  • M
Improper Input Validation

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Improper Data Handling

<4.0.1+dfsg-1
  • M
Security Features

<4.0.1+dfsg-1
  • M
Cryptographic Issues

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<4.0.1+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<4.0.1+dfsg-1
  • H
SQL Injection

<1.0.1-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.9.2+dfsg-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • H
CVE-2014-5203

<3.9.2+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.9.2+dfsg-1
  • M
Resource Management Errors

<3.9.2+dfsg-1
  • H
CVE-2014-2053

<3.9.2+dfsg-1
  • M
Access Restriction Bypass

<3.8.2+dfsg-1
  • M
Improper Authentication

<3.8.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • L
Access Restriction Bypass

<3.0.1-1
  • M
Access Restriction Bypass

<3.0.2-1
  • M
Access Restriction Bypass

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.0.2-1
  • M
Access Restriction Bypass

<3.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.4+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.2-1
  • L
Cross-site Request Forgery (CSRF)

*
  • L
Cross-site Scripting (XSS)

<3.6.1+dfsg-1
  • M
Improper Input Validation

<3.6.1+dfsg-1
  • L
Access Restriction Bypass

<3.6.1+dfsg-1
  • H
Improper Input Validation

<3.6.1+dfsg-1
  • H
Arbitrary Code Injection

<3.6.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
CVE-2013-0235

<3.5.1+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Improper Input Validation

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Information Exposure

<3.5.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.5.1+dfsg-1
  • M
Access Restriction Bypass

<3.5.2+dfsg-1
  • M
Cryptographic Issues

<3.5.2+dfsg-1
  • M
Access Restriction Bypass

<3.5.1+dfsg-2
  • L
Information Exposure

*
  • L
Cross-site Request Forgery (CSRF)

<3.5.1+dfsg-2
  • M
Access Restriction Bypass

<3.0.3-1
  • L
Access Restriction Bypass

<3.4.2+dfsg-1
  • M
Access Restriction Bypass

<3.4.2+dfsg-1
  • M
Access Restriction Bypass

<3.4.1+dfsg-1
  • L
Access Restriction Bypass

<3.4.1+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<3.4.1+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.2.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • M
Access Restriction Bypass

<3.3.2+dfsg-1
  • C
CVE-2012-2400

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.3.2+dfsg-1
  • C
CVE-2012-2399

<3.3.2+dfsg-1
  • L
Cross-site Scripting (XSS)

*
  • L
Information Exposure

*
  • L
CVE-2011-4899

*
  • L
CVE-2012-0937

*
  • L
Cross-site Scripting (XSS)

<3.3.1+dfsg-1
  • M
Improper Input Validation

<3.2.1+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • M
Information Exposure

<3.2.1+dfsg-1
  • C
CVE-2011-3125

<3.2.1+dfsg-1
  • H
SQL Injection

<3.2.1+dfsg-1
  • H
Access Restriction Bypass

<3.2.1+dfsg-1
  • C
CVE-2011-3122

<3.2.1+dfsg-1
  • M
Information Exposure

<3.0.5+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.0.5+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • M
SQL Injection

<3.0.2-1
  • M
Cross-site Scripting (XSS)

<3.0.4+dfsg-1
  • L
Access Restriction Bypass

<2.9.2-1
  • L
Arbitrary Code Injection

<2.8.6-1
  • L
Cross-site Scripting (XSS)

<2.8.6-1
  • M
Cryptographic Issues

<2.8.5-1
  • L
CVE-2008-7220

<2.5.0-2
  • C
Access Restriction Bypass

<2.8.3-1
  • L
Cross-site Scripting (XSS)

<2.8.3-1
  • M
Access Restriction Bypass

<2.8.3-1
  • L
Credentials Management

<2.8.3-2
  • L
Configuration

<2.8.3-1
  • L
Access Restriction Bypass

<2.8.3-1
  • L
Improper Authentication

<2.8.3-1
  • L
Improper Input Validation

<2.8.3-1
  • L
Configuration

<2.8.3-1
  • L
CVE-2008-6767

<2.8.3-1
  • L
Link Following

<2.8.3-1
  • L
Improper Input Validation

<2.3.2
  • L
Cross-site Scripting (XSS)

<2.5.1-11
  • M
Cross-site Request Forgery (CSRF)

<2.5.1-10
  • C
OS Command Injection

<2.5.1-9
  • H
Directory Traversal

<2.5.1-1
  • M
Improper Input Validation

<2.5.1-8
  • L
Access Restriction Bypass

<2.5.1-6
  • L
Improper Input Validation

<2.5.1-4
  • H
Access Restriction Bypass

<2.2.3-1
  • M
Cross-site Scripting (XSS)

<2.5.1-1
  • M
Improper Authentication

<2.5.1-1
  • M
Cross-site Scripting (XSS)

<2.5.0-1
  • M
Access Restriction Bypass

<2.3.3-1
  • L
Information Exposure

*
  • M
Directory Traversal

<2.3.3-1
  • L
Information Exposure

<2.1.0-1
  • M
Cross-site Scripting (XSS)

<2.1.0-1
  • H
Directory Traversal

<2.1.0-1
  • M
Cross-site Scripting (XSS)

<2.0.10-1
  • L
SQL Injection

<2.3.2-1
  • L
Improper Authentication

<2.5.0-1
  • L
Cross-site Scripting (XSS)

<2.3.1-1
  • L
Cross-site Scripting (XSS)

<2.0.4-1
  • L
Cross-site Scripting (XSS)

<2.0.2-1
  • M
SQL Injection

<2.2.3-1
  • L
Cross-site Request Forgery (CSRF)

<2.2.3-1
  • M
CVE-2007-4483

<2.1.3-1
  • M
CVE-2007-4154

<2.2.2-1
  • L
CVE-2007-4153

<2.2.2-1
  • M
CVE-2007-3639

<2.2.2-1
  • M
CVE-2007-3544

<2.2.2-1
  • M
CVE-2007-3543

<2.2.1-1
  • L
CVE-2007-3238

<2.2.2-1
  • M
CVE-2007-3215

<2.2.1-1
  • M
CVE-2007-3140

<2.2.1-1
  • H
CVE-2007-2821

<2.2-1
  • C
CVE-2007-2714

<2.2-1
  • L
CVE-2007-2627

<2.2.2-1
  • M
Access Restriction Bypass

<2.1.3-1
  • M
SQL Injection

<2.1.3-1
  • M
CVE-2007-1894

<2.1.3-1
  • L
Cross-site Scripting (XSS)

<2.1.3-1
  • M
CVE-2007-1622

<2.1.3-1
  • L
CVE-2007-1599

<2.2.2-1
  • M
CVE-2007-1244

<2.1.2-1
  • M
CVE-2007-1230

<2.1.2-1
  • L
CVE-2007-1049

<2.1.1-1
  • L
CVE-2007-0540

<2.1.0-1
  • L
CVE-2007-0539

<2.1.0-1
  • L
Access Restriction Bypass

<2.1.0-1
  • H
CVE-2007-0262

<2.0.8-1
  • L
CVE-2007-0233

<2.1.0-1
  • M
CVE-2007-0107

<2.0.6-1
  • M
CVE-2007-0106

<2.0.6-1
  • L
CVE-2007-0109

<2.0.6-1
  • M
CVE-2006-6808

<2.0.6-1
  • M
CVE-2006-6017

<2.0.5-0.1
  • M
CVE-2006-6016

<2.0.5-0.1
  • M
CVE-2006-5705

<2.0.5-0.1
  • L
CVE-2006-4743

<2.0.5-0.1
  • L
CVE-2006-4208

<2.0.5-0.1
  • C
CVE-2006-4028

<2.0.4-1
  • L
CVE-2006-3389

<2.0.4-1
  • L
CVE-2006-3390

<2.0.4-1
  • M
CVE-2006-2702

<2.0.3-1
  • M
CVE-2006-2667

<2.0.3-1
  • M
CVE-2006-1796

<2.0.1
  • M
CVE-2006-1263

<2.0.2-1
  • H
CVE-2006-1012

<2.0.1-1
  • L
CVE-2006-0986

<2.0.2-1
  • M
CVE-2006-0985

<2.0.2-1
  • L
CVE-2006-0733

*
  • M
Directory Traversal

<2.5.1-3
  • L
CVE-2005-4463

<1.5.2-1
  • H
CVE-2005-2612

<1.5.2-1
  • M
CVE-2005-2109

<1.5.1.3-1
  • M
CVE-2005-2110

<1.5.1.3-1
  • H
CVE-2005-2108

<1.5.1.3-1
  • M
CVE-2005-2107

<1.5.1.3-1
  • H
CVE-2005-1810

<1.5.1.2-1
  • M
CVE-2005-1688

<1.5.1-1
  • H
CVE-2005-1687

<1.5.1-1
  • M
CVE-2004-1559

<1.2.2-1.1
  • M
CVE-2004-1584

<1.2.1-1.1