WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress 5.7.1 Vulnerabilities

Version released on 2021-04-15

downloadDownload tar
downloadDownload zip
2022-08-30
WP < 6.0.2 - Reflected Cross-Site Scripting
Fixed in version 5.7.7
2022-08-30
WP < 6.0.2 - Authenticated Stored Cross-Site Scripting
Fixed in version 5.7.7
2022-08-30
WP < 6.0.2 - SQLi via Link API
Fixed in version 5.7.7
2022-03-11
WordPress < 5.9.2 - Prototype Pollution in jQuery
Fixed in version 5.7.6
2022-03-11
WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package
Fixed in version 5.7.6
2022-01-06
WordPress < 5.8.3 - SQL Injection via WP_Query
Fixed in version 5.7.5
2022-01-06
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
Fixed in version 5.7.5
2022-01-06
WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
Fixed in version 5.7.5
2022-01-06
WordPress < 5.8.3 - Super Admin Object Injection in Multisites
Fixed in version 5.7.5
2021-11-10
WordPress < 5.8.2 - Expired DST Root CA X3 Certificate
Fixed in version 5.7.4
2021-09-09
WordPress 5.4 to 5.8 - Lodash Library Update
Fixed in version 5.7.3
2021-09-09
WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor
Fixed in version 5.7.3
2021-09-09
WordPress 5.4 to 5.8 - Data Exposure via REST API
Fixed in version 5.7.3
2021-05-13
WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
Fixed in version 5.7.2