Last week, 139 vulnerabilities were disclosed in 116 WordPress Plugins and 10 WordPress Themes, with contributions from 84 vulnerability researchers.
This report covers the full scope of what was added to the Wordfence Intelligence Vulnerability Database during this period.
Of the 139 vulnerabilities, 6 were rated Critical severity, 46 High, 86 Medium, and 1 Low. On the patching front, 109 have been addressed by developers, but 30 remain unpatched.
Among the most serious issues: Barcode Scanner's unauthenticated privilege escalation (CVSS 9.8), Visa Acceptance Solutions' authentication bypass (CVSS 9.8), WebStack theme's unauthenticated arbitrary file upload (CVSS 9.8), and an injected backdoor discovered in WowShipping Pro (CVSS 9.8).
Cross-site Scripting was the most common vulnerability type with 48 instances, followed by Missing Authorization at 27 and SQL Injection at 15.
The Wordfence Intelligence Vulnerability Database, API, webhook integration, and CLI Vulnerability Scanner are all completely free to access and use.
Whether you are an individual site owner, hosting provider, or enterprise, these tools can help you stay ahead of threats.