Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/995233?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/995233?format=api", "purl": "pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1", "type": "deb", "namespace": "debian", "name": "wordpress", "version": "6.1.9+dfsg1-0+deb12u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.8.3+dfsg1-0+deb13u1", "latest_non_vulnerable_version": "6.8.3+dfsg1-0+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92449?format=api", "vulnerability_id": "VCID-gyaq-8pvh-p7gg", "summary": "WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39807", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39887", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39744", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39893", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39921", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-07T12:55:00Z" }, { "value": 
"0.00182", "scoring_system": "epss", "scoring_elements": "0.39899", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39867", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39917", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6707" }, { "reference_url": "https://core.trac.wordpress.org/ticket/21022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://core.trac.wordpress.org/ticket/21022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880868", "reference_id": "880868", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880868" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6707", "reference_id": "CVE-2012-6707", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6707" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995234?format=api", "purl": "pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1" } ], "aliases": [ "CVE-2012-6707" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyaq-8pvh-p7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95884?format=api", "vulnerability_id": "VCID-jghn-eujf-zbdn", "summary": "WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.7499", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74983", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74946", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", 
"scoring_elements": "0.74977", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74954", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74942", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.74908", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77617", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5692" }, { "reference_url": "https://core.trac.wordpress.org/changeset/57645", "reference_id": "57645", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/" } ], "url": "https://core.trac.wordpress.org/changeset/57645" }, { "reference_url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve", "reference_id": "6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/" } ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve" }, { "reference_url": "https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763", "reference_id": 
"canonical.php#L763", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/" } ], "url": "https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763" }, { "reference_url": "https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/", "reference_id": "is_post_publicly_viewable", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/" } ], "url": "https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/" }, { "reference_url": "https://developer.wordpress.org/reference/functions/is_post_type_viewable/", "reference_id": "is_post_type_viewable", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/" } ], "url": "https://developer.wordpress.org/reference/functions/is_post_type_viewable/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995234?format=api", "purl": "pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1" } ], "aliases": [ "CVE-2023-5692" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jghn-eujf-zbdn" } ], "fixing_vulnerabilities": [ { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/96062?format=api", "vulnerability_id": "VCID-4g2n-5v12-yuff", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62759", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62763", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62753", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62778", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62746", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31111", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31111" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486", "reference_id": "1074486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486" }, { "reference_url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/", "reference_id": "wordpress-6-5-5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T13:49:17Z/" } ], "url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/" }, { "reference_url": "https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve", "reference_id": "wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T13:49:17Z/" } ], "url": "https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995233?format=api", "purl": "pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gyaq-8pvh-p7gg" }, { "vulnerability": "VCID-jghn-eujf-zbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1" } ], "aliases": [ 
"CVE-2024-31111" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4g2n-5v12-yuff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96811?format=api", "vulnerability_id": "VCID-532z-9qbb-dyfw", "summary": "Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11038", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11054", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10856", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", 
"scoring_elements": "0.10869", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1092", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10997", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1197", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58246" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58246", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047", "reference_id": "1117047", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047" }, { "reference_url": "https://wordpress.org/news/2025/09/wordpress-6-8-3-release/", "reference_id": "wordpress-6-8-3-release", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:39Z/" } ], "url": "https://wordpress.org/news/2025/09/wordpress-6-8-3-release/" }, { "reference_url": "https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve", "reference_id": "wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve", "reference_type": "", "scores": [ { "value": "4.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T18:30:39Z/" } ], "url": "https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995233?format=api", "purl": "pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gyaq-8pvh-p7gg" }, { "vulnerability": "VCID-jghn-eujf-zbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1" } ], "aliases": [ "CVE-2025-58246" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-532z-9qbb-dyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96346?format=api", "vulnerability_id": "VCID-m8mf-t2td-67h7", "summary": "WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70352", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70397", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70412", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70421", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70406", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70448", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70457", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70373", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6307" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486", "reference_id": "1074486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074486" }, { "reference_url": "https://core.trac.wordpress.org/changeset/58472", "reference_id": "58472", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-06T03:09:30Z/" } ], "url": "https://core.trac.wordpress.org/changeset/58472" }, { "reference_url": "https://core.trac.wordpress.org/changeset/58473", "reference_id": "58473", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-06T03:09:30Z/" } ], "url": "https://core.trac.wordpress.org/changeset/58473" }, { "reference_url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve", "reference_id": "bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-06T03:09:30Z/" } ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve" }, { "reference_url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/", "reference_id": "wordpress-6-5-5", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-06T03:09:30Z/" } ], "url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995233?format=api", "purl": "pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gyaq-8pvh-p7gg" }, { "vulnerability": "VCID-jghn-eujf-zbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1" } ], "aliases": [ "CVE-2024-6307" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8mf-t2td-67h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94971?format=api", "vulnerability_id": "VCID-yqam-kpce-dfg7", "summary": "WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96388", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96399", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96411", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.27489", "scoring_system": "epss", "scoring_elements": "0.96414", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96419", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.9642", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96423", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.9643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96434", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.27489", "scoring_system": "epss", "scoring_elements": "0.96435", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44223" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44223" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995233?format=api", "purl": "pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gyaq-8pvh-p7gg" }, { "vulnerability": "VCID-jghn-eujf-zbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1" } ], "aliases": [ "CVE-2021-44223" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqam-kpce-dfg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96812?format=api", "vulnerability_id": "VCID-zj9a-shru-e7gs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored 
XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector.This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07411", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07502", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0749", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07412", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07399", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07453", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07436", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07493", "published_at": 
"2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08189", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58674" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047", "reference_id": "1117047", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117047" }, { "reference_url": "https://wordpress.org/news/2025/09/wordpress-6-8-3-release/", "reference_id": "wordpress-6-8-3-release", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T19:15:09Z/" } ], "url": "https://wordpress.org/news/2025/09/wordpress-6-8-3-release/" }, { "reference_url": "https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "reference_id": "wordpress-wordpress-wordpress-6-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T19:15:09Z/" } ], "url": "https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995233?format=api", "purl": 
"pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gyaq-8pvh-p7gg" }, { "vulnerability": "VCID-jghn-eujf-zbdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1" } ], "aliases": [ "CVE-2025-58674" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj9a-shru-e7gs" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1" }