Automattic Wordpress
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Automattic Wordpress.
EOL Dates
Ensure that you are using a supported version of Automattic Wordpress. Here are some end of life, and end of support dates for Automattic Wordpress.
| Release | EOL Date | Status |
|---|---|---|
| 6.9 | - |
Active
|
| 6.8 | December 2, 2025 |
EOL
Automattic Wordpress 6.8 became EOL in 2025. |
| 6.7 | April 15, 2025 |
EOL
Automattic Wordpress 6.7 became EOL in 2025. |
| 6.6 | November 12, 2024 |
EOL
Automattic Wordpress 6.6 became EOL in 2024. |
| 6.5 | July 16, 2024 |
EOL
Automattic Wordpress 6.5 became EOL in 2024. |
| 6.4 | April 2, 2024 |
EOL
Automattic Wordpress 6.4 became EOL in 2024. |
| 6.3 | November 7, 2023 |
EOL
Automattic Wordpress 6.3 became EOL in 2023. |
| 6.2 | August 8, 2023 |
EOL
Automattic Wordpress 6.2 became EOL in 2023. |
| 6.1 | March 29, 2023 |
EOL
Automattic Wordpress 6.1 became EOL in 2023. |
| 6.0 | November 1, 2022 |
EOL
Automattic Wordpress 6.0 became EOL in 2022. |
| 5.9 | May 24, 2022 |
EOL
Automattic Wordpress 5.9 became EOL in 2022. |
| 5.8 | January 25, 2022 |
EOL
Automattic Wordpress 5.8 became EOL in 2022. |
| 5.7 | July 20, 2021 |
EOL
Automattic Wordpress 5.7 became EOL in 2021. |
| 5.6 | March 9, 2021 |
EOL
Automattic Wordpress 5.6 became EOL in 2021. |
| 5.5 | December 8, 2020 |
EOL
Automattic Wordpress 5.5 became EOL in 2020. |
| 5.4 | August 11, 2020 |
EOL
Automattic Wordpress 5.4 became EOL in 2020. |
| 5.3 | March 31, 2020 |
EOL
Automattic Wordpress 5.3 became EOL in 2020. |
| 5.2 | November 12, 2019 |
EOL
Automattic Wordpress 5.2 became EOL in 2019. |
| 5.1 | May 7, 2019 |
EOL
Automattic Wordpress 5.1 became EOL in 2019. |
| 5.0 | February 21, 2019 |
EOL
Automattic Wordpress 5.0 became EOL in 2019. |
By the Year
In 2026 there have been 0 vulnerabilities in Automattic Wordpress. Last year, in 2025 Wordpress had 2 security vulnerabilities published. Right now, Wordpress is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 5.10 |
It may take a day or so for new Wordpress vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Automattic Wordpress Security Vulnerabilities
WordPress Core Stored XSS (CVE-2025-58674) up to v6.8.2
CVE-2025-58674
5.9 - Medium
- September 23, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector.This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
XSS
WP <=6.8.2: Insert Sensitive Info into Outgoing Data (Contributor Priv.)
CVE-2025-58246
4.3 - Medium
- September 23, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
Insertion of Sensitive Information Into Sent Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Automattic Wordpress or by Automattic? Click the Watch button to subscribe.
