WordPress Vulnerability Report – August 2, 2023

Since last week, 94 total vulnerabilities emerged in public disclosure. They may affect over 7 million WordPress sites. There are 56 plugin vulnerabilities with security patches, so run those updates!

Additionally, there are 35 plugin vulnerabilities and three theme vulnerabilities with no patch available yet. If you use an unpatched plugin or theme, check their vendors’ intentions and progress on a security release. Suppose no patch is forthcoming or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories. In that case, you should consider deactivation and removal in favor of alternative solutions.

FREE ONLINE TRAINING EVENT AUG 8TH @ 1:00 P.M. (CT)

New research from Snicco, WeWatchYourWebsite, Automattic-backed GridPane, and PatchStack claims WordPress security plugins with malware scanners are fundamentally flawed. And they’re being actively defeated by malware in the wild right now!

In this webinar, StellarWP technical writer Dan Knauss will explain the problem with malware scanners and the WordPress security best practices you need to implement to truly keep your sites safe.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new vulnerabilities that have emerged in plugins, themes, and/or WordPress core since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you find vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.