wordpress vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Weak Password Recovery Mechanism for Forgotten Password

*
  • M
Missing Authentication for Critical Function

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Open Redirect

*
  • M
Cross-site Scripting (XSS)

*
  • L
Information Exposure

*
  • M
Arbitrary Code Injection

*
  • M
Cross-site Scripting (XSS)

*
  • M
Incorrect Authorization

*
  • M
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • M
Deserialization of Untrusted Data

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • L
Improper Input Validation

*
  • M
Directory Traversal

*
  • M
Open Redirect

*
  • M
Cross-site Scripting (XSS)

*
  • L
Resource Exhaustion

*
  • M
Use of Insufficiently Random Values

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
SQL Injection

*
  • L
Inadequate Encryption Strength

*
  • L
Cleartext Storage of Sensitive Information

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Directory Traversal

*
  • M
Open Redirect

*
  • M
SQL Injection

*
  • M
Directory Traversal

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Server-Side Request Forgery (SSRF)

*
  • M
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Weak Password Recovery Mechanism for Forgotten Password

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Improper Input Validation

*
  • M
Incorrect Authorization

*
  • M
Cross-site Scripting (XSS)

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • M
SQL Injection

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Security Features

*
  • M
Directory Traversal

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

*
  • L
Insecure Default Initialization of Resource

*
  • M
Directory Traversal

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improper Authorization

*
  • M
Cross-site Scripting (XSS)

*
  • M
Information Exposure

*
  • M
CVE-2016-5836

*
  • M
CVE-2016-5832

*
  • M
CVE-2016-5837

*
  • M
CVE-2016-5839

*
  • M
Credentials Management

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • L
Cross-site Request Forgery (CSRF)

*
  • L
Information Exposure

*
  • L
Cross-site Scripting (XSS)

*
  • L
CVE-2012-0937

*
  • L
CVE-2011-4899

*
  • L
Information Exposure

*