📦 WordPress

by WordPress

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2020-36326

CRITICAL CVSS 9.8 Apr 28, 2021

This vulnerability in PHPMailer allows remote attackers to execute arbitrary code through object injection via Phar deserialization when using UNC pathnames in addAttachment. It affects PHPMailer vers...

CVE-2020-28039

CRITICAL CVSS 9.1 Nov 2, 2020

This vulnerability in WordPress allows authenticated users with author-level permissions to delete arbitrary files on the server due to improper validation of protected meta keys. It affects all WordP...

CVE-2020-28032

CRITICAL CVSS 9.8 Nov 2, 2020

CVE-2020-28032 is a critical deserialization vulnerability in WordPress that allows remote code execution. It affects WordPress sites before version 5.5.2 by exploiting improper handling of serialized...

CVE-2020-28035

CRITICAL CVSS 9.8 Nov 2, 2020

CVE-2020-28035 is a privilege escalation vulnerability in WordPress that allows attackers to gain administrative access via XML-RPC. This affects WordPress installations before version 5.5.2. Any Word...

CVE-2020-28037

CRITICAL CVSS 9.8 Nov 2, 2020

This vulnerability in WordPress allows attackers to trigger a fresh installation on an already installed WordPress site, potentially leading to remote code execution and denial of service. It affects ...

CVE-2024-4439

HIGH CVSS 7.2 May 3, 2024

WordPress Core has a stored XSS vulnerability in the Avatar block that allows attackers to inject malicious scripts via user display names. Authenticated attackers with contributor access or higher ca...

CVE-2022-21664

HIGH CVSS 7.4 Jan 6, 2022

CVE-2022-21664 is an SQL injection vulnerability in WordPress caused by insufficient input sanitization in a core class. This allows attackers to execute arbitrary SQL queries against the database. Al...

CVE-2022-21661

HIGH CVSS 8.0 Jan 6, 2022

CVE-2022-21661 is an SQL injection vulnerability in WordPress's WP_Query class due to improper input sanitization. This allows attackers to execute arbitrary SQL commands through plugins or themes tha...

CVE-2021-44223

HIGH CVSS 8.1 Nov 25, 2021

This vulnerability allows remote attackers to execute arbitrary code via supply-chain attacks against WordPress installations. Attackers can trick WordPress into updating plugins from malicious reposi...

CVE-2021-39201

HIGH CVSS 7.6 Sep 9, 2021

This vulnerability allows authenticated low-privileged WordPress users (like contributors or authors) to execute cross-site scripting (XSS) attacks in the editor, bypassing the 'unfiltered_html' permi...

CVE-2021-29447

HIGH CVSS 7.1 Apr 15, 2021

WordPress users with file upload permissions (like Authors) can exploit an XML parsing vulnerability in the Media Library to perform XXE attacks when PHP 8 is used. This allows attackers to read inter...