WordPress Vulnerability Report – September 13, 2023

Since last week, 136 total vulnerabilities emerged in public disclosure. They may affect over four million WordPress sites. There are 76 plugin vulnerabilities and two theme vulnerabilities with security patches, so run those updates!

Additionally, there are 55 plugin vulnerabilities and three theme vulnerabilities with no patch available yet. If you use an unpatched plugin or theme, check their vendors’ intentions and progress on a security release. Suppose no patch is forthcoming or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories. In that case, you should consider deactivation and removal in favor of alternative solutions.

WEBINAR REPLAY NOW AVAILABLE

Discover a streamlined approach to WordPress logins with Passkeys and Solid Security Pro (the new name for iThemes Security Pro). Passkeys are compatible with leading browsers such as Chrome, Firefox, and Safari, as well as biometric logins like Face ID, Touch ID, and Windows Hello. Say goodbye to the hassle of extra two-factor apps, password managers, or intricate password requirements, as website administrators and end users can now enjoy secure logins effortlessly.

Powered by the WebAuthn protocol, these cutting-edge login methods redefine passwordless login experiences, setting the stage for the future of safeguarding sensitive online information, including accessing WordPress sites. Timothy Jacobs, Lead Developer for SolidWP, gives an in-depth exploration of how this innovative technology enhances the WordPress login process for both you and your clients.

WordPress Core News

“Lionel” was released on August 8, 2023. This release of WordPress was built to help you “create beautiful and compelling websites more efficiently than ever.” See what’s new in WordPress 6.3.

Don’t forget to fully back up your website before installing WordPress 6.3. BackupBuddy, the industry-leading data protection and recovery solution for WordPress, will help you build a strong backup strategy to manage all updates. Embrace the enhanced content creation experience of WordPress 6.3 with confidence — and a backup copy of your website safely stored on a remote server.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new vulnerabilities that have emerged in plugins, themes, and/or WordPress core since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you find vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.