websafe-kb/07-framework-security/cms/wordpress/INDEX.md

WordPress

LAB ONLY | AUTHORIZED TARGETS ONLY | 自动生成索引

• 系统 ID: wordpress
• 分类: cms
• 覆盖策略: history-full
• 总案例数: 140
• 近 30 天新增/更新: 0
• 重点 Markdown 案例数: 0
• 已实证(真实版本): 0
• 已实证(synthetic): 0
• 阻塞数: 0
• 待人工/缺浏览器证据: 140
• 最近渲染时间: 2026-03-19T09:30:57+00:00

目标约束

• 适用目标类型: lab-local, lab-public, authorized-third-party
• 是否允许公网验证: yes, but ownership or authorization is required
• 授权前提: 资产归属可证明，或已取得书面/明确授权。
• 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
• 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作

来源

• official WordPress Security News RSS (mode=core)
• official NVD WordPress (keyword=WordPress; mode=core)
• ecosystem-authority Wordfence Vulnerability Database (mode=plugin)
• ecosystem-authority Patchstack Database (mode=plugin)
• ecosystem-authority WPScan Vulnerability Database (mode=plugin)
• research PortSwigger Research (mode=core)

案例列表

标题	严重度	案例状态	实证状态	实证方式	来源置信度	更新时间	案例页
CVE-2007-1893	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1894	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1732	low	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1622	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1599	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1409	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1277	high	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1244	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1230	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-1049	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0539	high	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0540	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0541	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0262	high	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0233	high	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0106	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0107	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2007-0109	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2006-6863	critical	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2006-6808	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2006-6016	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2006-6017	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2006-5705	medium	triage	triage-manual	synthetic	official	2025-04-09T00:30:58.490	-
CVE-2006-4743	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-4208	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-4028	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-3389	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-3390	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-2702	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-2667	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-1796	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-1263	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-1012	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-0985	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-0986	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2006-0733	low	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-4463	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-3330	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-2612	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-1921	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-2107	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-2108	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-2109	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-2110	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-1810	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-1687	high	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-1688	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2005-1102	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2004-1559	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
CVE-2004-1584	medium	triage	triage-manual	synthetic	official	2025-04-03T01:03:51.193	-
Interviews	unknown	triage	triage-manual	synthetic	official	``	-
Forums	unknown	triage	triage-manual	synthetic	official	``	-
Swag Store ↗ ︎	unknown	triage	triage-manual	synthetic	official	``	-
Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Blocks	unknown	triage	triage-manual	synthetic	official	``	-
Events	unknown	triage	triage-manual	synthetic	official	``	-
Wicked Folders <= 4.1.0 Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Features	unknown	triage	triage-manual	synthetic	official	``	-
Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Manage subscriptions	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Performance	unknown	triage	triage-manual	synthetic	official	``	-
How to Install WPScan	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Stats WordPress stats	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Documentation	unknown	triage	triage-manual	synthetic	official	``	-
Modern Events Calendar <= 7.29.0 Broken Access Control vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Gutenberg ↗ ︎	unknown	triage	triage-manual	synthetic	official	``	-
Showcase	unknown	triage	triage-manual	synthetic	official	``	-
WordPress.org	unknown	triage	triage-manual	synthetic	official	``	-
Education	unknown	triage	triage-manual	synthetic	official	``	-
Documentation	unknown	triage	triage-manual	synthetic	official	``	-
Education	unknown	triage	triage-manual	synthetic	official	``	-
Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Submit vulnerabilities	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
CLI scanner	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Patterns	unknown	triage	triage-manual	synthetic	official	``	-
Design	unknown	triage	triage-manual	synthetic	official	``	-
Developers	unknown	triage	triage-manual	synthetic	official	``	-
WordPress	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Writeprint Stylometry <= 0.1 Reflected Cross-Site Scripting via 'p' Parameter vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Skip to content	unknown	triage	triage-manual	synthetic	official	``	-
Hosting	unknown	triage	triage-manual	synthetic	official	``	-
CLI Scanner	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
General	unknown	triage	triage-manual	synthetic	official	``	-
WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Disclosure policy	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Five for the Future	unknown	triage	triage-manual	synthetic	official	``	-
Features	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Unpatched Vulnerability in TI WooCommerce Wishlist Plugin	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Jannah <= 7.6.3 Local File Inclusion vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Month in WordPress	unknown	triage	triage-manual	synthetic	official	``	-
Report this content	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Contextual Related Posts < 4.2.2 Broken Access Control vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Log in now.	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Awards	unknown	triage	triage-manual	synthetic	official	``	-
All Posts	unknown	triage	triage-manual	synthetic	official	``	-
News	unknown	triage	triage-manual	synthetic	official	``	-
Enterprise	unknown	triage	triage-manual	synthetic	official	``	-
WordPress.tv ↗ ︎	unknown	triage	triage-manual	synthetic	official	``	-
News	unknown	triage	triage-manual	synthetic	official	``	-
About WordPress	unknown	triage	triage-manual	synthetic	official	``	-
[CR]Paid Link Manager <= 0.5 Reflected Cross-Site Scripting vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
WordPress	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
WP User Frontend <= 4.2.8 Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Duplicate Post <= 4.5 Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Pricing	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Object Injection vulnerability fixed in SEOPress 7.9	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Unauthorized Plugin Installation/Activation in Hunk Companion	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Sign up	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
View site in Reader	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Unauthenticated Privilege Escalation in Profile-Builder plugin	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
New Malware Campaign Targets WP-Automatic Plugin	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Plugins	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Make WordPress	unknown	triage	triage-manual	synthetic	official	``	-
Photo Directory	unknown	triage	triage-manual	synthetic	official	``	-
NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Job Board ↗ ︎	unknown	triage	triage-manual	synthetic	official	``	-
Thim Elementor Kit <= 1.3.7 Missing Authorization to Unauthenticated Private Course Disclosure vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Plugins	unknown	triage	triage-manual	synthetic	official	``	-
Meta	unknown	triage	triage-manual	synthetic	official	``	-
Development	unknown	triage	triage-manual	synthetic	official	``	-
Our Stats	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Managed VDP New	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Community	unknown	triage	triage-manual	synthetic	official	``	-
Vulnerability statistics	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Whitepaper 2026 New	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Events	unknown	triage	triage-manual	synthetic	official	``	-
Get WordPress	unknown	triage	triage-manual	synthetic	official	``	-
WP EasyPay <= 4.2.11 Broken Access Control vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Master Addons for Elementor <= 2.1.3 Cross Site Scripting (XSS) vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
WP Go Maps <= 10.0.05 Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
WordPress plugin	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Themes	unknown	triage	triage-manual	synthetic	official	``	-
Software vendors	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Enterprise Features	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
LearnPress – Sepay Payment <= 4.0.0 Broken Authentication vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
The 10 Best Vulnerability Scanners for Effective Web Security	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Flexmls® IDX <= 3.15.9 Reflected Cross Site Scripting (XSS) vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-
Learn WordPress	unknown	triage	triage-manual	synthetic	official	``	-
Royal Elementor Addons <= 1.7.1049 WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability	unknown	triage	triage-manual	synthetic	ecosystem-authority	``	-