Vulnerabilities in Wordpress
33 resultsCVE-2019-16780MEDIUMStored cross-site scripting (XSS) in WordPress block editorEPSS 1.7%CVE-2020-11025MEDIUMAuthenticated cross-site scripting (XSS) in WordPress CustomizerEPSS 1.5%CVE-2021-39201HIGHAuthenticated cross-site scripting (XSS) in WordPress editorEPSS 1.5%CVE-2020-11030MEDIUMCross-site scripting (XSS) in Search block in WordPressEPSS 1.4%CVE-2019-16781MEDIUMStored cross-site scripting (XSS) in WordPress block editorEPSS 1.4%CVE-2024-31210HIGHPHP file upload bypass via Plugin installerEPSS 0.9%CVE-2021-39203MEDIUMPrivate data disclosure/privilege escalation through the block editor in WordpressEPSS 0.9%CVE-2021-39202HIGHWordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widgetEPSS 0.8%CVE-2025-54352LOWWordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: theEPSS 0.3%CVE-2023-54333HIGHSocial-Share-Buttons 2.2.3 - SQL Injection via project_id ParameterEPSS 0.3%CVE-2025-58246MEDIUMWordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure VulnerabilityEPSS 0.3%CVE-2020-37233MEDIUMWordPress Plugin Buddypress 6.2.0 Persistent Cross-Site ScriptingEPSS 0.2%CVE-2025-58674MEDIUMWordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) VulnerabilityEPSS 0.2%