User’s Guide

About this site

WordPress Vulnerability Information” ( ) is a public interest security information site that distributes vulnerability information found in WordPress core programs, themes, and plugins in Japanese.

It is said that 40% of websites use WordPress (*1), and exploiting vulnerabilities related to WordPress is a very popular method for malicious attackers.

Even well-known companies and government agencies have been victims of unauthorized access due to failure to address known vulnerabilities discovered related to WordPress.(*2)

You can also receive information about updates that address vulnerabilities in the WordPress admin panel, but you will not see notifications for plugins and themes that have been left unfixed by the revealed vulnerabilities.
The only way to get such information is to check out a medium such as our website that distributes vulnerability information.

There are other informational websites that provide information on WordPress-related vulnerabilities and encourage countermeasures before the damage is done, but most of them are provided in English-speaking countries.

WordPress Vulnerability Information” provides WordPress related vulnerability information in Japanese so that Japanese people can be familiar with it.

1 40% of the web uses WordPress – W3Techs
2 Security risk approaching WordPress? What are the alternative measures based on the damage cases? – Canon ESET SPECIAL SITE

How to Read Vulnerability Information

Article Date

The date of information release on this website.

Severity score (CVSS 3.0)

A score indicating the severity of the vulnerability.

This is not a degree of danger, but is evaluated based on the extent of the impact (number of installations, etc.), the characteristics of the vulnerability itself, and the availability of countermeasures.(*1)

1 Common Vulnerability Assessment System CVSS v3 Overview – IPA


What kind of vulnerability is described.


Whether there is a solution and, if so, how to resolve it.


Information sources and links to vulnerability information are listed.

Delivery address for vulnerability-related information

If you have discovered a vulnerability, we will not be able to accept your submission to this site.

To submit vulnerability-related information, please contact the Information-technology Promotion Agency, Japan (IPA).

Reproduction and Citation

The vulnerability information on this site is provided under the Creative Commons Attribution 4.0 International License.

You may freely reprint or cite the information as long as you comply with the conditions (*1) and precautions described in the link above. Commercial use is also permitted.

Please refer to the following to place the credit notation.

出典:WordPress脆弱性情報(<a href="該当ページのURL">該当ページのタイトル</a>)

All rights reserved by this site or other copyright holders, except for the text of vulnerability information, such as images and logos.

If you would like to introduce our products to the media, etc., including materials that are prohibited from being reproduced without permission (*2), please contact us through the Contact Us page for the media.

1 The main requirements are a notation (credit notation) to the effect that the article is reprinted or cited from a vulnerability information blog and a link to the page from which the article is reprinted or cited. Please refer to the link for details.
2 Screenshots of the entire page, etc.

Reproduction and Citation

In principle, you are free to link to this site.
The same treatment applies to links to each page, not just the top page.

However, please be sure to link to the URL of the page, and do not link directly to images or other material files.

When you place a link, please indicate that it is a link to “WordPress Vulnerability Information”.
No permission or contact is required for links only.


While every effort has been made to ensure the accuracy of the information, this site assumes no responsibility for any actions (*1) taken by users using the vulnerability-related information.

The content of this site, including vulnerability-related information, may be changed, moved, or deleted without notice.

1 This includes the use of information that has been edited or processed.