(wordfence.com) Weekly WordPress Vulnerability Report: Analysis of 87 Newly Disclosed Plugin and Theme Vulnerabilities
This week’s WordPress vulnerability report discloses 87 new flaws in plugins/themes, including 3 critical, 34 high, and 50 medium-severity issues. XSS (30) and missing authorization (19) dominate the threat landscape, with SQLi (10) and SSRF (3) also present. Firewall rules deployed for premium users; free users protected after 30 days. 84 patched, 3 unpatched.
In brief - WordPress ecosystems face significant risk from 87 newly disclosed vulnerabilities, primarily XSS and missing authorization flaws. Immediate patching and monitoring are critical to mitigate exposure.
Technically - The report details 87 vulnerabilities (CWE-mapped) with CVSS-rated severity: 3 critical, 34 high, 50 medium. XSS (CWE-79) and missing authorization (CWE-862) lead, followed by SQLi (CWE-89), sensitive data exposure (CWE-200), and SSRF (CWE-918). Wordfence Intelligence deployed enhanced firewall rules for premium users; free-tier protection delayed 30 days. Data sourced from in-house research, bug bounties, and public disclosures.