WordPress Vulnerability Report

WordPress 6.2.1, the first security and maintenance update for the 6.2 version line, was released this week. It patches five security vulnerabilities, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and path traversal. If your site is set to automatically update WordPress core point releases, it is likely already protected; nonetheless, it is good practice to confirm that the update has actually been applied.
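As an added example (not part of this report), a small POSIX shell check a site owner can run to confirm that an install is at or above the patched 6.2.1 release and that wp-config.php does not block minor-release auto-updates. The install path and the sample version.php and wp-config.php it writes are constructed for the demonstration; point the functions at a real document root instead.

```shell
#!/bin/sh
# Added example, not from the report: verify WordPress core is at or above the
# patched release and that wp-config.php does not disable minor auto-updates.
PATCHED="6.2.1"

# Read $wp_version from wp-includes/version.php (standard core layout).
wp_core_version() {
  sed -n 's/^\$wp_version *= *.\([0-9A-Za-z.-]*\).*/\1/p' "$1/wp-includes/version.php"
}

# Return 0 if the installed version is >= PATCHED (sort -V orders 6.2 < 6.2.1 < 6.10).
is_patched() {
  v=$(wp_core_version "$1")
  [ -n "$v" ] && [ "$(printf '%s\n%s\n' "$PATCHED" "$v" | sort -V | head -n1)" = "$PATCHED" ]
}

# Return 0 if wp-config.php disables the automatic updater outright or sets
# WP_AUTO_UPDATE_CORE to false; either setting stops point releases like 6.2.1
# from being applied automatically.
auto_updates_blocked() {
  cfg="$1/wp-config.php"
  grep -Eq "define\( *'AUTOMATIC_UPDATER_DISABLED' *, *true *\)" "$cfg" ||
  grep -Eq "define\( *'WP_AUTO_UPDATE_CORE' *, *false *\)" "$cfg"
}

# Constructed sample install (unpatched core, auto-updates switched off) so the
# script runs stand-alone; replace demo_root with a real document root.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-includes"
printf "<?php\n\$wp_version = '6.2';\n" > "$demo_root/wp-includes/version.php"
printf "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', false );\n" > "$demo_root/wp-config.php"

if is_patched "$demo_root"; then
  echo "core $(wp_core_version "$demo_root") is at or above $PATCHED"
else
  echo "core $(wp_core_version "$demo_root") is below $PATCHED: update now"
fi
if auto_updates_blocked "$demo_root"; then
  echo "minor auto-updates are blocked in wp-config.php; apply updates manually"
fi
```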

Please review the WordPress Trac tickets for 6.2.1 for full details of these patches.

There have been 146 vulnerabilities in the plugin and theme ecosystem publicly disclosed within this WordPress vulnerability report. More than 17 million WordPress sites may be affected by these vulnerabilities. Of these, 92 plugin vulnerabilities and 5 theme vulnerabilities already have security patches available. The two most popular affected items are Elementor (used on more than five million sites) and Divi (used on over four million sites).

Moreover, 49 plugin vulnerabilities have not yet been patched; they are listed in a post over at the iThemes Security Blog. If you are using any plugins or themes that have not been patched, check the vendors' intentions and progress on a security release. If no patch is scheduled or planned, the vulnerable item is likely to be closed and/or dropped from the official WordPress theme and plugin repositories. At that point, deactivating and removing the plugin or theme and searching for an alternative solution is the best path forward.