Homepage

wordpress vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Weak Password Recovery Mechanism for Forgotten Password

*
  • M
Missing Authentication for Critical Function

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Open Redirect

*
  • M
Cross-site Scripting (XSS)

*
  • L
Information Exposure

*
  • M
Arbitrary Code Injection

*
  • M
Cross-site Scripting (XSS)

*
  • M
Incorrect Authorization

*
  • M
Information Exposure

*
  • M
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • M
Deserialization of Untrusted Data

*
  • M
Cross-site Scripting (XSS)

*
  • L
Improper Input Validation

*
  • M
Directory Traversal

*
  • M
Cross-site Scripting (XSS)

*
  • M
Open Redirect

*
  • L
Resource Exhaustion

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Use of Insufficiently Random Values

*
  • M
Cross-site Scripting (XSS)

*
  • M
SQL Injection

*
  • L
Inadequate Encryption Strength

*
  • L
Cleartext Storage of Sensitive Information

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
SQL Injection

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Open Redirect

*
  • M
Directory Traversal

*
  • M
Directory Traversal

*
  • M
Server-Side Request Forgery (SSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improper Input Validation

*
  • M
Weak Password Recovery Mechanism for Forgotten Password

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • M
Incorrect Authorization

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • M
SQL Injection

*
  • M
Directory Traversal

*
  • M
Security Features

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • L
Insecure Default Initialization of Resource

*
  • M
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Directory Traversal

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Improper Authorization

*
  • M
Cross-site Scripting (XSS)

*
  • M
CVE-2016-5832

*
  • M
CVE-2016-5837

*
  • M
CVE-2016-5839

*
  • M
Credentials Management

*
  • M
CVE-2016-5836

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • L
Cross-site Request Forgery (CSRF)

*
  • L
CVE-2011-4899

*
  • L
Cross-site Scripting (XSS)

*
  • L
CVE-2012-0937

*
  • L
Information Exposure

*
  • L
Information Exposure

*