WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress 1.5.1.2 Vulnerabilities

Version released on 2005-05-27

downloadDownload tar
downloadDownload zip
2019-09-05
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
Fixed in version 5.2.3
2018-06-27
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
No known fix
2018-02-05
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
No known fix
2017-11-29
WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
Fixed in version 4.9.1
2017-01-11
WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Fixed in version 4.7.1
2015-02-03
WordPress <= 1.5.1.2 - XML-RPC SQL Injection
Fixed in version 1.5.1.3
2014-11-30
WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Fixed in version 4.0.1
2014-11-20
WordPress <= 4.0 - Long Password Denial of Service (DoS)
Fixed in version 4.0.1
2014-08-01
Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS
Fixed in version 2.0.2
2014-08-01
WordPress 1.5.1-3.5 - XML-RPC Pingback API Internal/External Port Scanning
Fixed in version 3.5.1
2014-08-01
WordPress 1.5.1-3.5 - XML-RPC Pingback Additional Issues
No known fix
2005-06-30
WordPress <= 1.5.1.2 - Multiple Cross-Site Scripting (XSS)
No known fix
2005-06-29
WordPress <= 1.5.1.2 - XML-RPC Eval Injection
No known fix
2005-05-07
WordPress <= 1.5.1.2 - Email Spoofing
No known fix