Vulnerabilities > Wordpress > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-04 CVE-2013-10027 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Blogger Importer 0.5
A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress.
network
low complexity
wordpress CWE-352
8.8
8.8
2023-05-25 CVE-2022-47174 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Performance LAB
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
network
low complexity
wordpress CWE-352
8.8
8.8
2023-05-25 CVE-2022-47161 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Health Check & Troubleshooting
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
network
low complexity
wordpress CWE-352
8.8
8.8
2022-01-06 CVE-2022-21661 SQL Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress fedoraproject debian CWE-89
7.5
7.5
2022-01-06 CVE-2022-21663 Deserialization of Untrusted Data vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-502
7.2
7.2
2022-01-06 CVE-2022-21664 SQL Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-89
8.8
8.8
2021-11-25 CVE-2021-44223 Unspecified vulnerability in Wordpress
WordPress before 5.8 lacks support for the Update URI plugin header.
network
low complexity
wordpress
7.5
7.5
2021-04-27 CVE-2021-29476 Deserialization of Untrusted Data vulnerability in Wordpress Requests 1.6.0/1.6.1/1.7.0
Requests is a HTTP library written in PHP.
network
low complexity
wordpress CWE-502
7.5
7.5
2020-11-02 CVE-2020-28033 WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
network
low complexity
wordpress fedoraproject debian
7.5
7.5
2020-04-30 CVE-2020-11027 Operation on a Resource after Expiration or Release vulnerability in multiple products
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password.
network
low complexity
debian wordpress CWE-672
8.1
8.1