WordPress Vulnerabilities

Version released on 2022-08-30

Download tar

Download zip

2022-12-13

WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

No known fix

2022-10-17

WP < 6.0.3 - Stored XSS via wp-mail.php

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Open Redirect via wp_nonce_ays

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Email Address Disclosure via wp-mail.php

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Reflected XSS via SQLi in Media Library

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - CSRF in wp-trackback.php

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Stored XSS via the Customizer

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Stored XSS via Comment Editing

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Content from Multipart Emails Leaked

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - SQLi in WP_Date_Query

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Stored XSS via RSS Widget

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint

Fixed in version 6.0.3

2022-10-17

WP < 6.0.3 - Multiple Stored XSS via Gutenberg

Fixed in version 6.0.3