WordPress.org WordPress vulnerabilities

5 known vulnerabilities affecting wordpress.org/wordpress.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5

Vulnerabilities

CVE-2023-39999 | MEDIUM | CVSS 4.3 | ≥ 6.3, ≤ 6.3.1; ≥ 6.2, ≤ 6.2.2; +21 more | 2023-10-13
CVE-2023-39999 [MEDIUM] CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 thr
nvd
CVE-2023-38000 | MEDIUM | CVSS 5.4 | ≥ 6.3, ≤ 6.3.1; ≥ 6.2, ≤ 6.2.2; +3 more | 2023-10-13
CVE-2023-38000 [MEDIUM] CWE-79: Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
nvd
CVE-2022-43504 | MEDIUM | CVSS 5.3 | versions prior to 6.0.3 | 2022-12-05
CVE-2022-43504 [MEDIUM] CWE-287: Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.
nvd
CVE-2022-43500 | MEDIUM | CVSS 6.1 | versions prior to 6.0.3 | 2022-12-05
CVE-2022-43500 [MEDIUM] CWE-79: Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
nvd
CVE-2022-43497 | MEDIUM | CVSS 6.1 | versions prior to 6.0.3 | 2022-12-05
CVE-2022-43497 [MEDIUM] CWE-79: Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
nvd