Discover Tuta Mail: Turn ON Privacy. Take back your data with Tuta's encrypted email, calendar and contacts.
Be informed about the latest reported WP Security Plugin Vulnerabilities. WP Security CVE AUG 2024 is a -31% DECREASE, compared to last month. Consider for your online safety, a WP/Woo SECURITY AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific vulnerability. CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.
If you are serious about your online business, then you need to pay attention to the WordPress security best practices. The following cases made headlines PUBLICLY just last month in the WP Security CVE AUG 2024 category:
| Add Admin CSS | Unauthenticated Full Path Disclosure (BAC) |
| Add Admin JavaScript | Unauthenticated Full Path Disclosure (BAC) |
| Admin Trim Interface | Unauthenticated Full Path Disclosure (BAC) |
| Bug Library | Unauthenticated Remote Code Execution (RCE) |
| Bug Library | Cross-Site Scripting (XSS) |
| CM Email Registration Blacklist and Whitelist | Add/Delete Emails via Cross-Site Request Forgery (CSRF) Add and delete any item from blacklist/whitelist |
| CommandBar for WP Admin | Malicious polyfill.io Embed |
| CopySafe Web Protection | Cross-Site Scripting (XSS) |
| CopySafe Web Protection | Cross-Site Scripting (XSS) |
| Easy Custom Code (LESS/CSS/JS) – Live editing | Cross-Site Scripting (XSS) |
| Email Encoder Bundle | Cross-Site Scripting (XSS) |
| JSON API User | Unauthenticated Privilege Escalation (BAC) |
| JSON Content Importer | Server-Side Request Forgery (SSRF) |
| Login by Auth | Cross-Site Scripting (XSS) via wle |
| Login Logo Editor | Cross-Site Scripting (XSS) |
| OpenPGP Form Encryption | Cross-Site Scripting (XSS) |
| Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
| Sentry | Malicious polyfill.io Embed |
| SiteGround Security | Broken Access Control (BAC) |
| Support SVG | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| SVG Block | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| SVG Support | Cross-Site Scripting (XSS) via SVG |
| Titan Antispam & Security | Broken Access Control (BAC) |
| Wallet System for WooCommerce | Private Data Exposure via Exported File |
| WooCommerce Social Login | PHP Object Injection |
| WordPress File Upload | Directory Traversal |
| WPS Hide Login | Hidden Login Page Disclosure (BAC) |
| WordPress Security CVE (plugin vulnerabilities) reported in 2023: | 396 |
| WordPress Security CVE (plugin vulnerabilities) reported in 2024: | 165 |
| ALL WordPress CVE (core+plugin+theme vulnerabilities) reported in 2023: | 5853 |
| ALL WordPress CVE (core+plugin+theme vulnerabilities) reported so far in 2024: | 4207 |
Security isn’t something that you can just do once. It's something that's constantly evolving and you need to regularly update your site’s security standards and conduct routine website safety checks if you want to stay protected. There isn’t a way to 100% protect your website from hackers and other malicious attempts. But, if you want to give your site the highest level of protection possible, then it’s a good idea to update immediately these WP Security CVE plugins.
You rely on a Security guard that currently is sleeping!
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.