
    8 vulnerabilities by WordPress Foundation

    CVE-2026-3906 (GCVE-0-2026-3906)

    Vulnerability from cvelistv5 – Published: 2026-03-11 09:25 – Updated: 2026-03-11 13:18
    Title
    WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API
    Summary
    WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API `create_item_permissions_check()` method in the comments controller did not verify that the authenticated user has `edit_post` permission on the target post when creating a note. This makes it possible for authenticated attackers with Subscriber-level access to create notes on any post, including posts authored by other users, private posts, and posts in any status.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Wordfence
    Impacted products
    Vendor Product Version
    WordPress Foundation WordPress Affected: 6.9 , ≤ 6.9.1 (semver)
    Credits
    kaminuma

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T13:18:15.777023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T13:18:53.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WordPress",
              "vendor": "WordPress Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "6.9.1",
                  "status": "affected",
                  "version": "6.9",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kaminuma"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API `create_item_permissions_check()` method in the comments controller did not verify that the authenticated user has `edit_post` permission on the target post when creating a note. This makes it possible for authenticated attackers with Subscriber-level access to create notes on any post, including posts authored by other users, private posts, and posts in any status."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T09:25:44.130Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a69782f0-aa61-4049-8339-7f27f4b6c36b?source=cve"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset/61888"
            },
            {
              "url": "https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php#L562"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-10T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-3906",
        "datePublished": "2026-03-11T09:25:44.130Z",
        "dateReserved": "2026-03-10T19:52:58.673Z",
        "dateUpdated": "2026-03-11T13:18:53.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4973 (GCVE-0-2022-4973)

    Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2026-04-08 17:17
    Title
    WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
    Summary
    WordPress Core, in versions up to 6.0.2 (the affected-version ranges listed for this record end at 6.0.1, and the title gives the range as < 6.0.2), is vulnerable to authenticated Stored Cross-Site Scripting. It can be exploited by users with access to the WordPress post and page editor, typically Authors, Contributors, and Editors, who can inject arbitrary web scripts into posts and pages; the scripts execute if the `the_meta()` function is called on that page.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Wordfence
    Impacted products
    Vendor Product Version
    WordPress Foundation WordPress Affected: 0 , ≤ 3.6.1 (semver)
    Affected: 3.7 , ≤ 3.7.38 (semver)
    Affected: 3.8 , ≤ 3.8.38 (semver)
    Affected: 3.9 , ≤ 3.9.36 (semver)
    Affected: 4.0 , ≤ 4.0.35 (semver)
    Affected: 4.1 , ≤ 4.1.35 (semver)
    Affected: 4.2 , ≤ 4.2.32 (semver)
    Affected: 4.3 , ≤ 4.3.28 (semver)
    Affected: 4.4 , ≤ 4.4.27 (semver)
    Affected: 4.5 , ≤ 4.5.26 (semver)
    Affected: 4.6 , ≤ 4.6.23 (semver)
    Affected: 4.7 , ≤ 4.7.23 (semver)
    Affected: 4.8 , ≤ 4.8.19 (semver)
    Affected: 4.9 , ≤ 4.9.20 (semver)
    Affected: 5.0 , ≤ 5.0.16 (semver)
    Affected: 5.1 , ≤ 5.1.13 (semver)
    Affected: 5.2 , ≤ 5.2.15 (semver)
    Affected: 5.3 , ≤ 5.3.12 (semver)
    Affected: 5.4 , ≤ 5.4.10 (semver)
    Affected: 5.5 , ≤ 5.5.9 (semver)
    Affected: 5.6 , ≤ 5.6.8 (semver)
    Affected: 5.7 , ≤ 5.7.6 (semver)
    Affected: 5.8 , ≤ 5.8.4 (semver)
    Affected: 5.9 , ≤ 5.9.3 (semver)
    Affected: 6.0 , ≤ 6.0.1 (semver)
    Credits
    John Blackbourn

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T12:59:16.874933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T12:59:35.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WordPress",
              "vendor": "WordPress Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "3.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.7.38",
                  "status": "affected",
                  "version": "3.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.8.38",
                  "status": "affected",
                  "version": "3.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.9.36",
                  "status": "affected",
                  "version": "3.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.35",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.1.35",
                  "status": "affected",
                  "version": "4.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.32",
                  "status": "affected",
                  "version": "4.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.3.28",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.27",
                  "status": "affected",
                  "version": "4.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.5.26",
                  "status": "affected",
                  "version": "4.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.6.23",
                  "status": "affected",
                  "version": "4.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.7.23",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.8.19",
                  "status": "affected",
                  "version": "4.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.9.20",
                  "status": "affected",
                  "version": "4.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.16",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.1.13",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.15",
                  "status": "affected",
                  "version": "5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.12",
                  "status": "affected",
                  "version": "5.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.10",
                  "status": "affected",
                  "version": "5.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.9",
                  "status": "affected",
                  "version": "5.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.8",
                  "status": "affected",
                  "version": "5.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.7.6",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.8.4",
                  "status": "affected",
                  "version": "5.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.9.3",
                  "status": "affected",
                  "version": "5.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "John Blackbourn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:09.962Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=cve"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset/53961"
            },
            {
              "url": "https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/"
            },
            {
              "url": "https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-08-30T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress Core \u003c 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4973",
        "datePublished": "2024-10-16T06:43:41.734Z",
        "dateReserved": "2024-10-15T18:03:44.130Z",
        "dateUpdated": "2026-04-08T17:17:09.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6307 (GCVE-0-2024-6307)

    Vulnerability from cvelistv5 – Published: 2024-06-25 11:09 – Updated: 2024-08-01 21:33
    Title
    WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API
    Summary
    WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Wordfence
    Impacted products
    Vendor Product Version
    WordPress Foundation WordPress Affected: 5.9 , ≤ 5.9.9 (semver)
    Affected: 6.0 , ≤ 6.0.8 (semver)
    Affected: 6.1 , ≤ 6.1.6 (semver)
    Affected: 6.2 , ≤ 6.2.5 (semver)
    Affected: 6.3 , ≤ 6.3.4 (semver)
    Affected: 6.4 , ≤ 6.4.4 (semver)
    Affected: 6.5 , ≤ 6.5.4 (semver)
    Credits
    Alex Concha Dennis Snell Grzegorz Ziółkowski Aaron Jorbin

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6307",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-06T03:09:30.446123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-06T03:10:01.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://core.trac.wordpress.org/changeset/58473"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://core.trac.wordpress.org/changeset/58472"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WordPress",
              "vendor": "WordPress Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "5.9.9",
                  "status": "affected",
                  "version": "5.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.8",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.6",
                  "status": "affected",
                  "version": "6.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.5",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.3.4",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.4",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Concha"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dennis Snell"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Grzegorz Zi\u00f3\u0142kowski"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Aaron Jorbin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T12:28:10.199Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve"
            },
            {
              "url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset/58473"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset/58472"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-24T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress Core \u003c 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6307",
        "datePublished": "2024-06-25T11:09:23.005Z",
        "dateReserved": "2024-06-25T11:09:22.494Z",
        "dateUpdated": "2024-08-01T21:33:05.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6306 (GCVE-0-2024-6306)

    Vulnerability from cvelistv5 – Published: 2024-06-25 11:09 – Updated: 2024-06-25 17:01

    **REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-32111.


    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2024-06-25T17:01:00.307Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "**REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-32111."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6306",
        "datePublished": "2024-06-25T11:09:22.113Z",
        "dateRejected": "2024-06-25T17:01:00.307Z",
        "dateReserved": "2024-06-25T11:09:21.616Z",
        "dateUpdated": "2024-06-25T17:01:00.307Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6305 (GCVE-0-2024-6305)

    Vulnerability from cvelistv5 – Published: 2024-06-25 11:09 – Updated: 2024-06-25 16:59

    **REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-31111.


    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2024-06-25T16:59:45.159Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "**REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-31111."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6305",
        "datePublished": "2024-06-25T11:09:21.240Z",
        "dateRejected": "2024-06-25T16:59:45.159Z",
        "dateReserved": "2024-06-25T11:09:20.608Z",
        "dateUpdated": "2024-06-25T16:59:45.159Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4439 (GCVE-0-2024-4439)

    Vulnerability from cvelistv5 – Published: 2024-05-03 05:32 – Updated: 2024-08-01 20:40
    Summary
    WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 (the affected-version ranges listed for this record end at 6.5.1) due to insufficient output escaping on the display name. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page. It also makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that contain the comment block and display the comment author's avatar.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WordPress Foundation WordPress Affected: 6.0 , ≤ 6.0.7 (semver)
    Affected: 6.1 , ≤ 6.1.5 (semver)
    Affected: 6.2 , ≤ 6.2.4 (semver)
    Affected: 6.3 , ≤ 6.3.3 (semver)
    Affected: 6.4 , ≤ 6.4.3 (semver)
    Affected: 6.5 , ≤ 6.5.1 (semver)
    wordpress wordpress Affected: 6.0 , ≤ 6.5.1 (custom)
        cpe:2.3:a:wordpress:wordpress:6.0:*:*:*:*:*:*:*
    Credits
    John Blackbourn Matthew Rollings

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wordpress:wordpress:6.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wordpress",
                "vendor": "wordpress",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.1",
                    "status": "affected",
                    "version": "6.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4439",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T19:37:57.427844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-80",
                    "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:08.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:40:47.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=57950%40%2F\u0026new=57950%40%2F\u0026sfp_email=\u0026sfph_mail=#file3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WordPress",
              "vendor": "WordPress Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.5",
                  "status": "affected",
                  "version": "6.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.3.3",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.3",
                  "status": "affected",
                  "version": "6.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.1",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "John Blackbourn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Rollings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author\u0027s avatar."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T05:32:34.988Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=cve"
            },
            {
              "url": "https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=57950%40%2F\u0026new=57950%40%2F\u0026sfp_email=\u0026sfph_mail=#file3"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php"
            },
            {
              "url": "https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-09T00:00:00.000Z",
              "value": "Disclosed"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-4439",
        "datePublished": "2024-05-03T05:32:34.988Z",
        "dateReserved": "2024-05-02T16:33:12.426Z",
        "dateUpdated": "2024-08-01T20:40:47.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5692 (GCVE-0-2023-5692)

    Vulnerability from cvelistv5 – Published: 2024-04-05 12:52 – Updated: 2026-04-08 16:59
    Title
    WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
    Summary
    WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    WordPress Foundation WordPress Affected: 0 , ≤ 6.4.3 (semver)
    Credits
    Francesco Carlucci

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5692",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T13:58:59.450942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:42.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.642Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://developer.wordpress.org/reference/functions/is_post_type_viewable/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://core.trac.wordpress.org/changeset/57645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WordPress",
              "vendor": "WordPress Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including,  6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose \u0027publicly_queryable\u0027 post status has been set to \u0027false\u0027."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:59:40.696Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve"
            },
            {
              "url": "https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763"
            },
            {
              "url": "https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/"
            },
            {
              "url": "https://developer.wordpress.org/reference/functions/is_post_type_viewable/"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset/57645"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-10-10T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2024-04-04T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress Core \u003c= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-5692",
        "datePublished": "2024-04-05T12:52:32.816Z",
        "dateReserved": "2023-10-20T20:25:15.177Z",
        "dateUpdated": "2026-04-08T16:59:40.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-2745 (GCVE-0-2023-2745)

    Vulnerability from cvelistv5 – Published: 2023-05-17 08:36 – Updated: 2026-04-08 17:31
    Title
    WordPress Core < 6.2.1 - Directory Traversal
    Summary
    WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    WordPress Foundation WordPress Affected: 0 , < 4.1.38 (semver)
    Affected: 4.2 , < 4.2.35 (semver)
    Affected: 4.3 , < 4.3.31 (semver)
    Affected: 4.4 , < 4.4.30 (semver)
    Affected: 4.5 , < 4.5.29 (semver)
    Affected: 4.6 , < 4.6.26 (semver)
    Affected: 4.7 , < 4.7.26 (semver)
    Affected: 4.8 , < 4.8.22 (semver)
    Affected: 4.9 , < 4.9.23 (semver)
    Affected: 5.0 , < 5.0.19 (semver)
    Affected: 5.1 , < 5.1.16 (semver)
    Affected: 5.2 , < 5.2.18 (semver)
    Affected: 5.3 , < 5.3.15 (semver)
    Affected: 5.4 , < 5.4.13 (semver)
    Affected: 5.5 , < 5.5.12 (semver)
    Affected: 5.6 , < 5.6.11 (semver)
    Affected: 5.7 , < 5.7.9 (semver)
    Affected: 5.8 , < 5.8.7 (semver)
    Affected: 5.9 , < 5.9.6 (semver)
    Affected: 6.0 , < 6.0.4 (semver)
    Affected: 6.1 , < 6.1.2 (semver)
    Affected: 6.2 , < 6.2.1 (semver)
    Credits
    Ramuel Gall, Matt Rusnak

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-24T18:22:33.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.exploit-db.com/exploits/52274"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=55765%40%2F\u0026new=55765%40%2F\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T16:22:24.483760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T16:49:16.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WordPress",
              "vendor": "WordPress Foundation",
              "versions": [
                {
                  "lessThan": "4.1.38",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.2.35",
                  "status": "affected",
                  "version": "4.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.3.31",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.30",
                  "status": "affected",
                  "version": "4.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.5.29",
                  "status": "affected",
                  "version": "4.5",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.6.26",
                  "status": "affected",
                  "version": "4.6",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.7.26",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.8.22",
                  "status": "affected",
                  "version": "4.8",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.23",
                  "status": "affected",
                  "version": "4.9",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.19",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.1.16",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.2.18",
                  "status": "affected",
                  "version": "5.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.3.15",
                  "status": "affected",
                  "version": "5.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.4.13",
                  "status": "affected",
                  "version": "5.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.5.12",
                  "status": "affected",
                  "version": "5.5",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.6.11",
                  "status": "affected",
                  "version": "5.6",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.7.9",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.8.7",
                  "status": "affected",
                  "version": "5.8",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.9.6",
                  "status": "affected",
                  "version": "5.9",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.0.4",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.1.2",
                  "status": "affected",
                  "version": "6.1",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.2.1",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ramuel Gall"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Matt Rusnak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the \u2018wp_lang\u2019 parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:31:40.202Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve"
            },
            {
              "url": "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"
            },
            {
              "url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=55765%40%2F\u0026new=55765%40%2F\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/blog/2023/05/wordpress-core-6-2-1-security-maintenance-release-what-you-need-to-know/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WordPress Core \u003c 6.2.1 - Directory Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-2745",
        "datePublished": "2023-05-17T08:36:44.034Z",
        "dateReserved": "2023-05-16T19:53:02.398Z",
        "dateUpdated": "2026-04-08T17:31:40.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }