Vulnerabilities > Wordpress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-05 | CVE-2023-22622 | Resource Exhaustion vulnerability in Wordpress WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | 7.5 |
| 2022-12-14 | CVE-2022-3590 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Wordpress 4.1 WordPress is affected by an unauthenticated blind SSRF in the pingback feature. | 5.9 |
| 2022-12-05 | CVE-2022-43497 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script . | 6.1 |
| 2022-12-05 | CVE-2022-43500 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script . | 6.1 |
| 2022-12-05 | CVE-2022-43504 | Improper Authentication vulnerability in Wordpress Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. | 5.3 |
| 2022-10-17 | CVE-2020-35539 | Improper Input Validation vulnerability in Wordpress 5.1 A flaw was found in Wordpress 5.1. | 9.8 |
| 2022-04-18 | CVE-2011-1762 | Incorrect Default Permissions vulnerability in Wordpress A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. | 4.0 |
| 2022-01-06 | CVE-2022-21661 | SQL Injection vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 5.0 |
| 2022-01-06 | CVE-2022-21662 | Cross-site Scripting vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 3.5 |
| 2022-01-06 | CVE-2022-21663 | Injection vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 6.5 |