This week’s WordPress vulnerability report discloses 87 new flaws in plugins/themes, including 3 critical, 34 high, and 50 medium-severity issues. XSS (30) and missing authorization (19) dominate the threat landscape, with SQLi (10) and SSRF (3) also present. Firewall rules deployed for premium users; free users protected after 30 days. 84 patched, 3 unpatched.

In brief - WordPress ecosystems face significant risk from 87 newly disclosed vulnerabilities, primarily XSS and missing authorization flaws. Immediate patching and monitoring are critical to mitigate exposure.

Technically - The report details 87 vulnerabilities (CWE-mapped) with CVSS-rated severity: 3 critical, 34 high, 50 medium. XSS (CWE-79) and missing authorization (CWE-862) lead, followed by SQLi (CWE-89), sensitive data exposure (CWE-200), and SSRF (CWE-918). Wordfence Intelligence deployed enhanced firewall rules for premium users; free-tier protection delayed 30 days. Data sourced from in-house research, bug bounties, and public disclosures.

Source: https://www.wordfence.com/blog/2026/05/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-27-2026-to-may-3-2026/

#Cybersecurity #ThreatIntel