WordPress users have been subject to a rash of plugin vulnerabilities over the past couple of months. Some of these vulnerabilities have been so widespread that the FBI recently warned users of attacks designed to exploit WordPress sites. Not long after WordPress published its Security White Paper, an outbreak of issues popped up, starting with a blind SQL injection vulnerability in WordPress SEO by Yoast, followed by a security release from the Pods Framework, and a few other plugins containing similar issues.

WordPress.org has not yet created a way to publicly identify the plugins for which its security team is pushing out automatic updates. The process involves coordination with the plugin developer and the core developers who have been allocated to verify and test the vulnerabilities. Once their automatic update process for mitigating serious vulnerabilities is ironed out, it would be helpful to have a section of WordPress.org dedicated to transparency about which plugins have received these forced automatic updates.

In the meantime, WordPress users need to remain vigilant about staying current with updates. Plugin Vulnerabilities is a plugin that helps users stay on top of security