WPScan

WordPress Vulnerabilities

WordPress 5.5 Vulnerabilities

Version released on 2020-08-11

2022-03-11
WordPress < 5.9.2 - Prototype Pollution in jQuery
Fixed in version 5.5.9
2022-01-06
WordPress < 5.8.3 - Super Admin Object Injection in Multisites
Fixed in version 5.5.8
2022-01-06
WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
Fixed in version 5.5.8
2022-01-06
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
Fixed in version 5.5.8
2022-01-06
WordPress < 5.8.3 - SQL Injection via WP_Query
Fixed in version 5.5.8
2021-11-25
WordPress < 5.8 - Plugin Confusion
Fixed in version 5.8
2021-11-10
WordPress < 5.8.2 - Expired DST Root CA X3 Certificate
Fixed in version 5.5.7
2021-09-09
WordPress 5.4 to 5.8 - Lodash Library Update
Fixed in version 5.5.6
2021-09-09
WordPress 5.4 to 5.8 - Data Exposure via REST API
Fixed in version 5.5.6
2021-09-09
WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor
Fixed in version 5.5.6
2021-05-13
WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
Fixed in version 5.5.5
2021-04-15
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Fixed in version 5.5.4
2020-10-29
WordPress < 5.5.2 - Hardening Deserialization Requests
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Cross-Site Request Forgery (CSRF) to Change Theme Background
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Protected Meta That Could Lead to Arbitrary File Deletion
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Stored XSS in Post Slugs
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - XML-RPC Privilege Escalation
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Cross-Site Scripting (XSS) via Global Variables
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network
Fixed in version 5.5.2