Vulnerabilities > Wordpress > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-04 | CVE-2013-10027 | Unspecified vulnerability in Wordpress Blogger Importer 0.5 A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. | 8.8 |
| 2023-05-25 | CVE-2022-47174 | Unspecified vulnerability in Wordpress Performance LAB 2.2.0 Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | 8.8 |
| 2023-05-25 | CVE-2022-47161 | Unspecified vulnerability in Wordpress Health Check & Troubleshooting Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions. | 8.8 |
| 2022-01-06 | CVE-2022-21661 | SQL Injection vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 7.5 |
| 2022-01-06 | CVE-2022-21663 | Deserialization of Untrusted Data vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 7.2 |
| 2022-01-06 | CVE-2022-21664 | SQL Injection vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 8.8 |
| 2020-11-02 | CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | 7.5 |
| 2020-04-30 | CVE-2020-11028 | Missing Authentication for Critical Function vulnerability in multiple products In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. | 7.5 |
| 2020-04-30 | CVE-2020-11027 | In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. | 8.1 |
| 2019-10-17 | CVE-2019-17675 | Type Confusion vulnerability in multiple products WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | 8.8 |