WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress 5.5 Vulnerabilities

Version released on 2020-08-11

downloadDownload tar
downloadDownload zip
2022-03-11
WordPress < 5.9.2 - Prototype Pollution in jQuery
Fixed in version 5.5.9
2022-01-06
WordPress < 5.8.3 - Super Admin Object Injection in Multisites
Fixed in version 5.5.8
2022-01-06
WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
Fixed in version 5.5.8
2022-01-06
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
Fixed in version 5.5.8
2022-01-06
WordPress < 5.8.3 - SQL Injection via WP_Query
Fixed in version 5.5.8
2021-11-25
WordPress < 5.8 - Plugin Confusion
Fixed in version 5.8
2021-11-10
WordPress < 5.8.2 - Expired DST Root CA X3 Certificate
Fixed in version 5.5.7
2021-09-09
WordPress 5.4 to 5.8 - Lodash Library Update
Fixed in version 5.5.6
2021-09-09
WordPress 5.4 to 5.8 - Data Exposure via REST API
Fixed in version 5.5.6
2021-09-09
WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor
Fixed in version 5.5.6
2021-05-13
WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
Fixed in version 5.5.5
2021-04-15
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Fixed in version 5.5.4
2020-10-29
WordPress < 5.5.2 - Hardening Deserialization Requests
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Cross-Site Request Forgery (CSRF) to Change Theme Background
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Protected Meta That Could Lead to Arbitrary File Deletion
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Stored XSS in Post Slugs
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - XML-RPC Privilege Escalation
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Cross-Site Scripting (XSS) via Global Variables
Fixed in version 5.5.2
2020-10-29
WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network
Fixed in version 5.5.2