
WordPress Vulnerability Statistics for July 2021



In this blog post we look at the vulnerabilities added to the WPScan WordPress Vulnerability Database in July 2021. All of them were hand-curated and added to our database by WordPress security experts. They come from independent researchers in the security community, who submit them to us via our submission form. We award monthly giveaways to randomly selected submitters. Many vulnerabilities are also found by the WPScan team through additional security research. Each vulnerability was responsibly disclosed to the software author, or to WordPress.

Total Vulnerabilities July 2021

In July, we added 158 total WordPress vulnerabilities to our database. That's five vulnerabilities per day, every day, throughout July.

158 total WordPress vulnerabilities added to WPScan database in July 2021

WordPress Vulnerabilities July 2021

This month we saw the release of WordPress 5.8 “Tatum”, but there have been no public security fixes. This release did drop support for Internet Explorer 11, which will have some small security benefits.

Plugin Vulnerabilities July 2021

In July, we added 153 WordPress plugin vulnerabilities to our database. That's almost five plugin vulnerabilities per day, every day, throughout July.

153 total plugin vulnerabilities added to WPScan database in July 2021

Theme Vulnerabilities July 2021

In July, we added 5 WordPress theme vulnerabilities to our database. It is common to see fewer theme vulnerabilities than plugin vulnerabilities, because there are fewer themes available than plugins and themes are generally less complex.

5 total theme vulnerabilities added to WPScan database in July 2021

Top 10 Vulnerabilities July 2021

| Rank | Vulnerability Type | Count |
|------|--------------------|-------|
| W1 | Cross-Site Scripting (XSS) | 65 |
| W2 | Cross-Site Request Forgery (CSRF) | 30 |
| W3 | SQL Injection | 17 |
| W4 | Access Controls | 10 |
| W5 | Directory Traversal | 5 |
| W6 | Authentication Bypass | 4 |
| W7 | Server-Side Request Forgery (SSRF) | 4 |
| W8 | File Upload | 4 |
| W9 | Insecure Direct Object Reference (IDOR) | 2 |
| W10 | Privilege Escalation | 2 |

Keeping Secure

To find out if any of the vulnerabilities added to our database affect your WordPress website, you can install our security plugin, or use our security scanner. We also offer Enterprise API plans for enterprise users.


