When does WordPress reach end-of-life?

The latest supported WordPress release is 7.0.0. After end-of-life a release no longer receives security patches.

WordPress ↗

WordPress · CMS

100/100 Healthy

Summary iPlain-English security verdict for WordPress, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

WordPress currently scores 100/100 — healthy. 1 actively-exploited vulnerability (CISA KEV) affects older releases (e.g. CVE-2016-10033) — staying on the latest supported version keeps you clear of it. The latest supported release is 7.0.0. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for WordPress each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2016-10033 CRITICAL ● exploited CWE-88 EPSS 94% → see advisory CVE-2019-8943 MEDIUM Path traversal EPSS 94% → see advisory CVE-2019-8942 HIGH Unrestricted file upload EPSS 93% → fixed in 4.9.9 CVE-2016-10045 CRITICAL Command injection EPSS 93% → see advisory CVE-2017-5487 MEDIUM Information disclosure EPSS 92% → see advisory CVE-2021-29447 HIGH XML external entity (XXE) EPSS 91% → fixed in 5.7.1 CVE-2024-4439 HIGH CWE-80 EPSS 91% → see advisory CVE-2022-21661 HIGH SQL injection EPSS 90% → fixed in 5.8.3 CVE-2022-3590 MEDIUM CWE-367 EPSS 90% → see advisory CVE-2018-12895 HIGH Path traversal EPSS 90% → fixed in 4.9.7 CVE-2018-6389 HIGH Uncontrolled resource consumption EPSS 87% → see advisory CVE-2009-2335 MEDIUM CWE-16 EPSS 85% → fixed in 2.8.1

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each WordPress release line is supported — and when it sunsets.

7.0 latest 7.0.0 Supported

6.9 latest 6.9.4 End of life ended 2026-05-20

6.8 latest 6.8.5 End of life ended 2025-12-02

6.7 latest 6.7.5 End of life ended 2025-04-15

6.6 latest 6.6.5 End of life ended 2024-11-12

6.5 latest 6.5.8 End of life ended 2024-07-16

6.4 latest 6.4.8 End of life ended 2024-04-02

6.3 latest 6.3.8 End of life ended 2023-11-07

6.2 latest 6.2.9 End of life ended 2023-08-08

6.1 latest 6.1.10 End of life ended 2023-03-29

See all upcoming end-of-life dates →