WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact
WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress 1.5.1.2 Vulnerabilities

Version released on 2005-05-27

downloadDownload tar
downloadDownload zip
2019-09-05
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
Fixed in version 5.2.3
2018-06-27
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
No known fix
2018-02-05
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
No known fix
2017-11-29
WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
Fixed in version 4.9.1
2017-01-11
WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Fixed in version 4.7.1
2015-02-03
WordPress <= 1.5.1.2 - XML-RPC SQL Injection
Fixed in version 1.5.1.3
2014-11-30
WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Fixed in version 4.0.1
2014-11-20
WordPress <= 4.0 - Long Password Denial of Service (DoS)
Fixed in version 4.0.1
2014-08-01
Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS
Fixed in version 2.0.2
2014-08-01
WordPress 1.5.1-3.5 - XML-RPC Pingback API Internal/External Port Scanning
Fixed in version 3.5.1
2014-08-01
WordPress 1.5.1-3.5 - XML-RPC Pingback Additional Issues
No known fix
2005-06-30
WordPress <= 1.5.1.2 - Multiple Cross-Site Scripting (XSS)
No known fix
2005-06-29
WordPress <= 1.5.1.2 - XML-RPC Eval Injection
No known fix
2005-05-07
WordPress <= 1.5.1.2 - Email Spoofing
No known fix
WPScan

Vulnerabilities

WordPressPluginsThemesOur StatsSubmit vulnerabilities

About

How it worksPricingWordPress pluginNewsContact

For Developers

StatusAPI detailsCLI scanner

Other

PrivacyTerms of serviceSubmission termsDisclosure policyPrivacy Notice for California Users
jetpackIn partnership with Jetpack
githubtwitterfacebook
Angithubendeavor
Work With Us