WordPress Exposure

Blogs, CMS
2,107 exposure score
2,932,393 sites using it
0 under active exploitation
176 critical
Vexday Analysis

WordPress has accumulated 2,381 catalogued CVEs, 174 of them rated critical and 95 published in the last 90 days alone, indicating a continuous and high flow of new vulnerabilities for the platform. The most common weakness is CWE-79 (Cross-Site Scripting), reflecting the attack surface typical of environments with a large volume of third-party plugins and themes. Although the rate of active exploitation is below the overall average of the CISA KEV catalogue, the highest observed EPSS reaches 0.977, and CVE-2022-21661 (a SQL query vulnerability) has an EPSS of 0.978, signalling a very high probability of exploitation and deserving priority attention in any remediation plan. Security teams should actively monitor the pace of recent publications and maintain strict update policies, especially on installations with third-party extensions.

CVEs

2,395 results
CVE ID | Severity | Title | EPSS
CVE-2025-14802 | MEDIUM | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | EPSS 0.3%
CVE-2024-12620 | MEDIUM | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update | EPSS 0.3%
CVE-2025-49403 | HIGH | WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability | EPSS 0.3%
CVE-2025-28928 | HIGH | WordPress Are you robot google recaptcha for Wordpress plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-3977 | MEDIUM | WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS | EPSS 0.3%
CVE-2023-41129 | MEDIUM | WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2025-6038 | HIGH | Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation | EPSS 0.3%
CVE-2022-44741 | MEDIUM | WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.3%
CVE-2022-41136 | MEDIUM | WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS | EPSS 0.3%
CVE-2022-25608 | MEDIUM | WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete | EPSS 0.3%
CVE-2022-37411 | MEDIUM | WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.3%
CVE-2024-1809 | MEDIUM | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization | EPSS 0.3%
CVE-2022-36388 | MEDIUM | WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.3%
CVE-2024-11134 | MEDIUM | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export | EPSS 0.3%
CVE-2025-6080 | HIGH | WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation | EPSS 0.3%
CVE-2026-7052 | HIGH | HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field | EPSS 0.3%
CVE-2024-47386 | HIGH | WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-13411 | MEDIUM | Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function | EPSS 0.3%
CVE-2022-1787 | (not rated) | Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS | EPSS 0.3%
CVE-2022-1780 | (not rated) | LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS | EPSS 0.3%