WordPress
Plugins
Themes
API
Submit
Login
Register
WordPress 4.2.20 Vulnerabilities
Version released on 2018-04-03
Changelog
Download tar
Download zip
RSS
2019-10-14
WordPress <= 5.2.3 - Stored XSS in Customizer
fixed in version 4.2.25
2019-10-14
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
fixed in version 4.2.25
2019-10-14
WordPress <= 5.2.3 - Stored XSS in Style Tags
fixed in version 4.2.25
2019-10-14
WordPress <= 5.2.3 - JSON Request Cache Poisoning
fixed in version 4.2.25
2019-10-14
WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
fixed in version 4.2.25
2019-10-14
WordPress <= 5.2.3 - Admin Referrer Validation
fixed in version 4.2.25
2019-09-05
WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
fixed in version 4.2.24
2019-03-13
WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
fixed in version 4.2.23
2019-02-19
WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
fixed in version 5.0.1
2018-12-13
WordPress <= 5.0 - Authenticated File Delete
fixed in version 4.2.22
2018-12-13
WordPress <= 5.0 - Authenticated Post Type Bypass
fixed in version 4.2.22
2018-12-13
WordPress <= 5.0 - PHP Object Injection via Meta Data
fixed in version 4.2.22
2018-12-13
WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
fixed in version 4.2.22
2018-12-13
WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
fixed in version 4.2.22
2018-12-13
WordPress <= 5.0 - User Activation Screen Search Engine Indexing
fixed in version 4.2.22
2018-12-13
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
fixed in version 4.2.22
2018-06-27
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
fixed in version 4.2.21