WordPress < 5.8.3 - SQL Injection via WP_Query 5.1.12 2022-21661 8.6 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84 https://hackerone.com/reports/1378209
WordPress < 5.8 - Plugin Confusion 5.8 2021-44223 8.2 https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query 5.1.12 2022-21664 6.8 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
WP < 6.2.1 - Contributor+ Stored XSS via Open Embed Auto Discovery 5.1.16 N/A 6.8 https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer 5.1.10 2020-36326 6.6 https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62 https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/ https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/
WP < 6.2.2 - Shortcode Execution in User Generated Data 5.1.16 N/A 6.5 https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/ https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
WP < 6.0.2 - SQLi via Link API 5.1.14 N/A 5.8 https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
WordPress < 5.9.2 - Prototype Pollution in jQuery 5.1.13 N/A 5.6 https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
WP < 6.2.1 - Contributor+ Content Injection 5.1.16 N/A 5.5 https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs 5.1.12 2022-21662 5.4 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w https://hackerone.com/reports/425342 https://blog.sonarsource.com/wordpress-stored-xss-vulnerability
{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}