Known vulnerabilities in WordPress.ORG WordPress 4.2.2

Vendor: WordPress.ORG

Website: https://wordpress.org/

Total Security Bulletins: 37

Security bulletins (37)

Secuity bulletin	Severity	Status	Published
SB2025100716: Multiple vulnerabilities in WordPress	Medium	Patched	07.10.2025
SB20240625118: Multiple vulnerabilities in WordPress	Medium	Patched	25.06.2024
SB2024020115: Multiple vulnerabilities in WordPress	High	Patched	01.02.2024
SB2023101623: Multiple vulnerabilities in WordPress	High	Patched Public exploit	16.10.2023
SB2023051804: Multiple vulnerabilities in WordPress	Medium	Patched	18.05.2023
SB2022122820: SSRF in WordPress	Medium	Not patched Public exploit	28.12.2022
SB2022102523: Multiple vulnerabilities in WordPress	High	Patched	25.10.2022
SB2022091414: Multiple vulnerabilities in WordPress	High	Patched	14.09.2022
SB2022031103: Multiple vulnerabilities in WordPress	Medium	Patched	11.03.2022
SB2022010706: Multiple vulnerabilities in WordPress	High	Patched Public exploit	07.01.2022
SB2020103007: Multiple vulnerabilities in WordPress	High	Patched Public exploit	30.10.2020
SB2020042920: Multiple vulnerabilities in WordPress	High	Patched Public exploit	29.04.2020
SB2019121301: Multiple vulnerabilities in WordPress	Low	Patched	13.12.2019
SB2019101505: Multiple vulnerabilities in WordPress	Medium	Patched Public exploit	15.10.2019
SB2019031311: Stored XSS in WordPress comments functionality	Medium	Patched	13.03.2019
SB2019022008: Remote code execution in WordPress	High	Patched Public exploit	20.02.2019
SB2018121308: Multiple vulnerabilities in WordPress	Low	Patched Public exploit	13.12.2018
SB2018062705: Arbitrary file deletion in WordPress	Low	Patched Public exploit	27.06.2018
SB2018062713: Arbitrary file deletion in WordPress WordPress	Low	Patched Public exploit	27.06.2018
SB2018020505: Denial of service in WordPress	Low	Patched Public exploit	05.02.2018
SB2018020514: Resource exhaustion in WordPress WordPress	Low	Patched Public exploit	05.02.2018
SB2017112913: Multiple vulnerabilities in WordPress	Low	Patched	29.11.2017
SB2017112935: Insufficient randomization in WordPress WordPress	Low	Patched	29.11.2017
SB2017112936: Cross-site scripting in WordPress WordPress	Low	Patched	29.11.2017
SB2017112937: Cross-site scripting in WordPress WordPress	Low	Patched	29.11.2017
SB2017112938: Improper access control in WordPress WordPress	Low	Patched	29.11.2017
SB2017103106: SQL injection in WordPress	Medium	Patched	31.10.2017
SB2017103115: SQL injection in WordPress WordPress	Medium	Patched	31.10.2017
SB2017091907: Multiple vulnerabilities in WordPress	Low	Patched	19.09.2017
SB2016090704: Directory traversal and XSS in WordPress	Medium	Patched	07.09.2016
SB2016090705: Directory traversal in upgrade package uploader in WordPress WordPress	Medium	Patched	07.09.2016
SB2016090706: Cross-site scripting in /wp-admin/includes/media.php script in WordPress WordPress	Low	Patched	07.09.2016
SB2016082001: Path traversal and CSRF in wp_ajax_update_plugin() in WordPress WordPress	Medium	Patched Public exploit	20.08.2016
SB2016081806: CSRF in WordPress	Medium	Patched Public exploit	18.08.2016
SB2012070323: Buffer overflow in gimp (Alpine package)	Medium	Patched	03.07.2012