Since our last report, 109 new vulnerabilities have been publicly disclosed in WordPress plugins.1 Security patches for 79 plugins are available now, so run those updates as soon as possible. If you�re a Solid Security Pro user, version management has already warned you and updated these plugins if you’ve activated this feature in your settings.
Additionally, there are 30 vulnerabilities with no patch available yet. If you�re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall with virtual patches from Patchstack. If no patch is forthcoming from the vendor or the vulnerable software has been marked �closed� and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.1 was released on November 8 as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependency, cURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7 as the third major release of 2023. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.
WordPress Plugins � 79 Patched / 30 Unpatched
WordPress Themes � 0 Patched / 0 Unpatched
Notes
- This report comes out on Wednesdays and covers the last seven days of public disclosures in the Patchstack vulnerability database from the beginning of the previous week to the beginning of the current week � from last Monday to this Monday. This period intentionally excludes any vulnerabilities added to the database in the last 48 hours. However, that up-to-the-minute Patchstack vulnerability data powers Solid Security Pro for our customers who have purchased Solid Suite or Solid Security Pro. Using Patchstack’s virtual patches, Solid Security Pro automatically protects WordPress sites from active exploits aimed at unpatched vulnerabilities.