Software
Wordpress Performance LabWordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Wordpress Health Check \& TroubleshootingWordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Debian Debian LinuxAuthenticated Object Injection in Multisites in WordPress
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Debian Debian LinuxWordPress Core WP_Query SQL Injection Information Disclosure Vulnerability
WordPress WordPressWordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget
debian/wordpressAuthenticated cross-site scripting (XSS) in WordPress editor
Debian Debian LinuxWordPress Authenticated XXE attack when installation is running PHP 8
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraWordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated…
WordPress WordPressSpecially crafted filenames in WordPress leading to XSS
Debian Debian LinuxUnauthenticated disclosure of certain private posts in WordPress
WordPress WordPressPassword reset links invalidation issue in WordPress
Snapcreek DuplicatorWordPress Snap Creek Duplicator Plugin File Download Vulnerability
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Debian Debian LinuxWordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
WordPress WordPressIn WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consum…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
debian/wordpresswp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be dir…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
WordPress WordPressThe register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
WordPress WordPressWordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a c…
WordPress WordPressThe oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a deni…
WordPress WordPressWordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by le…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
WordPress WordPressWordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism…
WordPress WordPressThe customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection rest…
WordPress WordPressOpen redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in Wor…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.