WordPress Vulnerability Report – September 6, 2023

Since last week, 95 total vulnerabilities emerged in public disclosure. They may affect over two million WordPress sites. There are 32 plugin vulnerabilities with security patches, so run those updates!

Additionally, there are 60 plugin vulnerabilities and three theme vulnerabilities with no patch available yet. If you use an unpatched plugin or theme, check their vendors’ intentions and progress on a security release. Suppose no patch is forthcoming or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories. In that case, you should consider deactivation and removal in favor of alternative solutions.

FREE ONLINE TRAINING EVENT SEPT 6TH @ 1:00 P.M. (CT)

Discover essential best practices for safeguarding your WordPress website through proactive security measures. Join WordPress security expert Thomas Raef as he explains the art and science of WordPress security, focusing on three key dimensions: hosting, WordPress configurations, and user management. You’ll also learn how Solid Security equips users with tools that diminish hacking risks, focusing on safeguarding plugins, themes, and user accounts.

WordPress Core News

“Lionel” was released on August 8, 2023. This release of WordPress was built to help you “create beautiful and compelling websites more efficiently than ever.” See what’s new in WordPress 6.3.

Don’t forget to fully back up your website before installing WordPress 6.3. BackupBuddy, the industry-leading data protection and recovery solution for WordPress, will help you build a strong backup strategy to manage all updates. Embrace the enhanced content creation experience of WordPress 6.3 with confidence — and a backup copy of your website safely stored on a remote server.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new vulnerabilities that have emerged in plugins, themes, and/or WordPress core since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you find vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.