WordPress Security Vulnerabilities

CVE-2020-28040
WordPress before 5.5.2 allows CSRF attacks that change a theme's background...
CVSS 4.3 | AI Score 6.4 | EPSS 0.004 | 2020-11-02 09:15 PM

CVE-2020-28039
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered...
CVSS 9.1 | AI Score 9.2 | EPSS 0.003 | 2020-11-02 09:15 PM

CVE-2020-28032
WordPress before 5.5.2 mishandles deserialization requests in...
CVSS 9.8 | AI Score 9.3 | EPSS 0.007 | 2020-11-02 09:15 PM

CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via...
CVSS 9.8 | AI Score 9.3 | EPSS 0.003 | 2020-11-02 09:15 PM

CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global...
CVSS 6.1 | AI Score 7.2 | EPSS 0.026 | 2020-11-02 09:15 PM

CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam...
CVSS 7.5 | AI Score 8.3 | EPSS 0.003 | 2020-11-02 09:15 PM

CVE-2020-28037
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old...
CVSS 9.8 | AI Score 9.4 | EPSS 0.024 | 2020-11-02 09:15 PM

CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a...
CVSS 9.8 | AI Score 9.3 | EPSS 0.007 | 2020-11-02 09:15 PM

CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO...
CVSS 8.8 | AI Score 8.9 | EPSS 0.003 | 2020-10-07 04:15 PM

CVE-2020-26511
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication...
CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | 2020-10-02 05:15 AM

CVE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not...
CVSS 5.3 | AI Score 5.5 | EPSS 0.001 | 2020-09-13 06:15 PM

CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email...
CVSS 5.3 | AI Score 5.2 | EPSS 0.003 | 2020-09-10 03:15 PM

CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets...
CVSS 7.5 | AI Score 7.6 | EPSS 0.002 | 2020-08-26 02:15 PM

CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2020-07-17 10:15 PM

CVE-2020-5768
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database...
CVSS 4.9 | AI Score 5.5 | EPSS 0.001 | 2020-07-17 10:15 PM

CVE-2020-5766
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database...
CVSS 7.5 | AI Score 7.9 | EPSS 0.003 | 2020-07-13 03:15 PM

CVE-2020-4046
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the...
CVSS 5.4 | AI Score 5.2 | EPSS 0.004 | 2020-06-12 04:15 PM

CVE-2020-4048
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release...
CVSS 5.7 | AI Score 5.9 | EPSS 0.001 | 2020-06-12 04:15 PM

CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
CVSS 3.5 | AI Score 5 | EPSS 0.001 | 2020-06-12 04:15 PM

CVE-2020-4049
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...
CVSS 2.4 | AI Score 4.9 | EPSS 0.001 | 2020-06-12 04:15 PM

CVE-2020-4047
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...
CVSS 6.8 | AI Score 6.4 | EPSS 0.001 | 2020-06-12 04:15 PM

CVE-2020-11026
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously...
CVSS 8.7 | AI Score 5.8 | EPSS 0.003 | 2020-04-30 11:15 PM

CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9,...
CVSS 7.5 | AI Score 7.5 | EPSS 0.003 | 2020-04-30 11:15 PM

CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...
CVSS 8.1 | AI Score 7.8 | EPSS 0.008 | 2020-04-30 11:15 PM

CVE-2020-11029
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5,...
CVSS 6.1 | AI Score 6.2 | EPSS 0.009 | 2020-04-30 11:15 PM

CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...
CVSS 6.4 | AI Score 5.3 | EPSS 0.001 | 2020-04-30 11:15 PM

CVE-2020-11025
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a...
CVSS 5.8 | AI Score 5.1 | EPSS 0.002 | 2020-04-30 10:15 PM

CVE-2020-6010
LearnPress WordPress plugin version prior to and including 3.2.6.7 is vulnerable to SQL...
CVSS 8.8 | AI Score 8.9 | EPSS 0.118 | 2020-04-30 03:15 PM

CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2020-04-23 02:15 AM

CVE-2020-11930
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid...
CVSS 6.1 | AI Score 5.8 | EPSS 0.003 | 2020-04-20 01:15 AM

CVE-2020-6009
LearnDash WordPress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2020-04-01 10:15 PM

CVE-2020-6008
LifterLMS WordPress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code...
CVSS 9.8 | AI Score 9.8 | EPSS 0.012 | 2020-03-31 03:15 PM

CVE-2020-10564
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib...
CVSS 9.8 | AI Score 9.6 | EPSS 0.053 | 2020-03-13 11:15 PM

CVE-2020-10257
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc...
CVSS 9.8 | AI Score 9.4 | EPSS 0.101 | 2020-03-10 12:15 AM

CVE-2013-1401
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a...
CVSS 9.8 | AI Score 9.5 | EPSS 0.071 | 2020-02-13 09:15 PM

CVE-2013-1400
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs...
CVSS 9.8 | AI Score 10 | EPSS 0.053 | 2020-02-13 09:15 PM

CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript:...
CVSS 9.8 | AI Score 9.2 | EPSS 0.009 | 2019-12-27 08:15 AM

CVE-2019-20042
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via...
CVSS 6.1 | AI Score 6.7 | EPSS 0.002 | 2019-12-27 08:15 AM

CVE-2019-20043
In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...
CVSS 4.3 | AI Score 6.2 | EPSS 0.003 | 2019-12-27 08:15 AM

CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user...
CVSS 5.8 | AI Score 6.8 | EPSS 0.002 | 2019-12-26 05:15 PM

CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to...
CVSS 5.8 | AI Score 7 | EPSS 0.002 | 2019-12-26 05:15 PM

CVE-2019-17673
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin...
CVSS 7.5 | AI Score 8.3 | EPSS 0.004 | 2019-10-17 01:15 PM

CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE...
CVSS 6.1 | AI Score 7.1 | EPSS 0.012 | 2019-10-17 01:15 PM

CVE-2019-17675
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to...
CVSS 8.8 | AI Score 9 | EPSS 0.002 | 2019-10-17 01:15 PM

CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the...
CVSS 5.4 | AI Score 6.8 | EPSS 0.002 | 2019-10-17 01:15 PM

CVE-2019-17670
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative...
CVSS 9.8 | AI Score 9.3 | EPSS 0.007 | 2019-10-17 01:15 PM

CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex...
CVSS 9.8 | AI Score 9.3 | EPSS 0.015 | 2019-10-17 01:15 PM

CVE-2019-17671
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is...
CVSS 5.3 | AI Score 7 | EPSS 0.016 | 2019-10-17 01:15 PM

CVE-2015-9400
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL...
CVSS 8.8 | AI Score 9.1 | EPSS 0.002 | 2019-09-20 04:15 PM

CVE-2019-5992
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified...
CVSS 8.8 | AI Score 8.8 | EPSS 0.002 | 2019-09-12 05:15 PM

Total number of security vulnerabilities: 2072