Vulnerabilities > Wordpress > Wordpress > 5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-06 | CVE-2022-21663 | Deserialization of Untrusted Data vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 7.2 |
| 2022-01-06 | CVE-2022-21664 | SQL Injection vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 8.8 |
| 2021-11-25 | CVE-2021-44223 | Unspecified vulnerability in Wordpress WordPress before 5.8 lacks support for the Update URI plugin header. | 7.5 |
| 2021-09-09 | CVE-2021-39201 | Cross-site Scripting vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. | 3.5 |
| 2021-04-28 | CVE-2020-36326 | Deserialization of Untrusted Data vulnerability in multiple products PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. | 9.8 |
| 2021-04-15 | CVE-2021-29450 | Information Exposure vulnerability in multiple products Wordpress is an open source CMS. | 4.0 |
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | 4.3 |
| 2020-11-02 | CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | 9.1 |
| 2020-11-02 | CVE-2020-28038 | Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows stored XSS via post slugs. | 6.1 |
| 2020-11-02 | CVE-2020-28037 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | 9.8 |