    Home /
    Blog /
    wordpress 4.5.12
  

Security Advisory

WordPress 4.5.12 Security: 4 Critical CVEs Explained

    📅 June 07, 2026
    ·⏱ 5 min read
    ·🔒 SiteRecipe Security Team
  

⚠ 3 websites still running wordpress 4.5.12 → View full list

Total

High

Medium

WordPress 4.5.12 is an older version that contains four known security vulnerabilities, with one rated as HIGH severity. If your website is still running this version, you're potentially exposing your site to attackers who could inject malicious code, steal sensitive information, or delete critical files. This comprehensive guide will help you identify if you're affected and walk you through the steps to secure your WordPress installation immediately.

According to our security scan, approximately 3 websites are still using WordPress 4.5.12, making them vulnerable to active exploits. The vulnerabilities range from Stored Cross-Site Scripting (XSS) attacks to Sensitive Information Exposure, each posing different levels of risk to your business. Understanding these threats and taking action is crucial for protecting your website and your users' data.

What is Wordpress 4.5.12?

WordPress 4.5.12 is an older release of the world's most popular website platform, released several years ago. Like all software, WordPress periodically releases updates to fix bugs and security issues. Version 4.5.12 was a minor update in the 4.5 series, but it did not address all the vulnerabilities that were later discovered in popular plugins used alongside WordPress. Think of it like an older version of your operating system—it still works, but it's missing important security patches that protect against modern threats.

Running outdated WordPress versions is like leaving your front door unlocked while traveling. While the core WordPress software may seem stable, the plugins and themes you use often have their own vulnerabilities. Version 4.5.12 is particularly concerning because it's paired with vulnerable versions of popular plugins like WP Meta SEO and Essential Blocks. These plugins are trusted by thousands of websites, but older versions contained security flaws that attackers actively exploit to gain unauthorized access or steal data.

Key Vulnerabilities in Wordpress 4.5.12

4 CVEs found. The most critical are explained below.

HIGH CVE-2023-6961 7.2/10 · CVSS v3.1 ⏱ Immediate

WP Meta SEO Plugin - Malicious Code Injection Vulnerability

The WP Meta SEO plugin has a security flaw that allows hackers to inject malicious code into your website without needing to log in. This happens through a weakness in how the plugin processes visitor information.

Impact: An attacker could inject harmful scripts that steal visitor data, redirect users to malicious sites, or compromise your website's credibility and trust.

↗ View on NVD

MEDIUM CVE-2024-4891 6.4/10 · CVSS v3.1 ⏱ Within 7 days

Essential Blocks Plugin - Code Injection Security Flaw

The Essential Blocks page builder plugin contains a vulnerability that allows attackers to inject malicious code through a specific setting called 'tagName'. While this requires some level of access, it poses a real risk to your site.

Impact: Hackers could inject malicious scripts that damage your website's functionality, steal visitor information, or deface your content.

↗ View on NVD

MEDIUM CVE-2023-6962 5.3/10 · CVSS v3.1 ⏱ Within 7 days

WP Meta SEO Plugin - Private Content Exposure Vulnerability

The WP Meta SEO plugin inadvertently exposes sensitive information that should be hidden, specifically through how it handles descriptions of password-protected content. Attackers can view this private information without authentication.

Impact: Confidential business information, private project details, or restricted content could become visible to the public and competitors.

↗ View on NVD

MEDIUM CVE-2021-25021 4.9/10 · CVSS v3.1 ⏱ Immediate

OMGF Plugin - Unsafe File Deletion Vulnerability

The OMGF (Host Google Fonts Locally) plugin has a flaw that allows administrators with higher permissions to accidentally delete important website folders when uninstalling the plugin. This is caused by improper validation of file paths.

Impact: Critical website files and folders could be permanently deleted, causing your site to malfunction or go offline completely.

↗ View on NVD

Is your website running Wordpress 4.5.12?

Scan your site in 30 seconds. Used by 500+ web agencies.

Scan my website — free 📋 See all 3 affected sites

How to Check If Your Website Is Affected

1 Log in to your WordPress dashboard with your admin credentials
2 Look at the bottom right corner or hover over your WordPress logo—it will display your current version number
3 If it shows 4.5.12 or any version below 6.0, your site is running outdated software and needs immediate updates

How to Fix These Vulnerabilities

1 Back up your entire website using your hosting provider's backup tool or a WordPress backup plugin—this protects you if something goes wrong during the update
2 Deactivate all plugins before updating by going to Plugins > Installed Plugins and clicking 'Deactivate' on each one
3 Update WordPress to the latest stable version by going to Dashboard > Updates and clicking 'Update Now', then update all your plugins to their latest versions
4 Test your website thoroughly on a staging environment to ensure everything works correctly before going live, then reactivate your plugins one by one while testing

Conclusion

WordPress 4.5.12 contains four known vulnerabilities that put your website at serious risk of attack. The HIGH severity Stored Cross-Site Scripting vulnerability in WP Meta SEO alone could allow attackers to inject malicious code that affects every visitor to your site. Combined with the Sensitive Information Exposure and path traversal vulnerabilities, running this outdated version is a cybersecurity liability that could damage your reputation and cost you customers.

Don't wait for an attack to happen—take action today to secure your WordPress installation. If you're unsure about the update process or worried about compatibility issues, SiteRecipe.com provides comprehensive security scanning and remediation guidance to help you identify vulnerabilities across your entire digital infrastructure. Visit SiteRecipe.com now to scan your website for free and discover exactly what security issues need attention. Our platform makes it easy to prioritize fixes and track your security posture over time.

Frequently Asked Questions

What is a Stored Cross-Site Scripting (XSS) vulnerability?

Stored XSS is when an attacker injects malicious code into your website that gets saved in your database. Every time someone visits your site, that malicious code runs in their browser, potentially stealing their information or redirecting them to dangerous websites. The CVE-2023-6961 vulnerability in WP Meta SEO allows this through the Referer header.

How do I know if my plugins are vulnerable?

WordPress plugins show their version numbers in your plugin list. Compare each plugin's version against known vulnerable versions (like WP Meta SEO versions up to 4.5.12). You can also use SiteRecipe.com's security scanner, which automatically checks your installed plugins against a database of known vulnerabilities and alerts you to any issues.

Can I safely skip updating to the latest WordPress version?

No, updating is essential for security. While WordPress tries to maintain backward compatibility, staying on outdated versions like 4.5.12 leaves you exposed to known exploits that hackers actively target. Updates typically improve performance and fix bugs, so the benefits far outweigh any minor compatibility risks.

What happens if I get hacked due to these vulnerabilities?

A successful attack could result in stolen customer data, malware distribution from your site, defaced content, or complete site takeover. Recovery is expensive and time-consuming, and you may face legal liability if customer data is compromised. Prevention through timely updates is far cheaper than dealing with a breach.

Is it risky to update WordPress on a live website?

While updates are generally safe, best practice is to test on a staging environment first. Most modern hosting providers make this easy with one-click staging tools. However, staying on an insecure version is riskier than updating—the security benefits outweigh the minimal update risks when done properly.

Generate white-label reports for your clients

Web agencies use SiteRecipe to produce branded PDF security reports in 30 seconds.

Free scan Agency plans 📋 3 affected sites

DISCLAIMER: This report is based on publicly available CVE data from the National Vulnerability Database (NVD) maintained by NIST. Detection of a technology version does not confirm active exploitation on any specific website. For informational purposes only. SiteRecipe is not responsible for actions taken based on this report. Always consult a qualified security professional.

Source: nvd.nist.gov · Published: June 07, 2026 · SiteRecipe.com