Summary: In 2023, Patchstack reported 7,966 new vulnerabilities in the WordPress ecosystem, primarily affecting plugins and themes. Despite the high number, most vulnerabilities were of low or medium severity, with a significant portion unlikely to be exploited. However, 43% could be exploited without authentication, highlighting urgent security needs for developers.
Affected: WordPress ecosystem
Key points:
- 7,966 vulnerabilities identified, with 96% in plugins and 4% in themes.
- Approximately 69.6% of vulnerabilities were considered unlikely to be exploited.
- 47.7% of flaws were cross-site scripting issues; 33% of bugs were not patched before public disclosure.
- 43% of vulnerabilities could be exploited without authentication; many are in abandoned plugins.
Source: https://www.securityweek.com/8000-new-wordpress-vulnerabilities-reported-in-2024/