WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Get started
WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Get started
WordPress Vulnerabilities
WordPress 5.7.1 Vulnerabilities
Version released on 2021-04-15
Download tar
Download zip
2022-03-11
WordPress < 5.9.2 - Prototype Pollution in jQuery
Fixed in version 5.7.6
2022-03-11
WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package
Fixed in version 5.7.6
2022-01-06
WordPress < 5.8.3 - SQL Injection via WP_Query
Fixed in version 5.7.5
2022-01-06
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
Fixed in version 5.7.5
2022-01-06
WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
Fixed in version 5.7.5
2022-01-06
WordPress < 5.8.3 - Super Admin Object Injection in Multisites
Fixed in version 5.7.5
2021-11-10
WordPress < 5.8.2 - Expired DST Root CA X3 Certificate
Fixed in version 5.7.4
2021-09-09
WordPress 5.4 to 5.8 - Lodash Library Update
Fixed in version 5.7.3
2021-09-09
WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor
Fixed in version 5.7.3
2021-09-09
WordPress 5.4 to 5.8 - Data Exposure via REST API
Fixed in version 5.7.3
2021-05-13
WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
Fixed in version 5.7.2
Download tar
Fixed in version 5.7.6Fixed in version 5.7.6