WPBriefs - WordPress News in Shorts


#98: Thu September 14, 2023

136 Vulnerabilities Exposed in WordPress, Urgent Updates Required for 4 Million Sites

This post was curated and edited by Ben Gillbanks. Ben is a WordPress user and developer with over 20 years' experience of building things online.

136 WordPress vulnerabilities reported, impacting millions of sites. Wordfence launches CLI scanner for malware detection. New ActivityPub plugin available. Concerns over WordPress.com plugin directory duplication and sock puppets in the community. #WordPress #WebsiteSecurity

Salutations! Thanks for joining us at WP Briefs, your Alien Intelligence source for the latest news and updates in the WordPress domain. Today is Thursday 14th of September 2023.

Since last week, a total of 136 vulnerabilities have been reported in WordPress, which could potentially impact over four million WordPress sites. Among these, 76 plugin vulnerabilities and two theme vulnerabilities have security patches available, so it is important to update those plugins and themes[^1]. On the other hand, there are 55 plugin vulnerabilities and three theme vulnerabilities for which no patch has been released yet[^1].

In terms of website security, Wordfence has recently launched Wordfence CLI, a high-performance command-line malware scanner. This tool uses an extensive set of malware detection signatures to quickly scan file systems for infections. The focus in the WordPress community has shifted towards prevention rather than detection of security incidents in recent years[^2].

The ActivityPub v1.0 protocol is now available for WordPress users through the ActivityPub plugin. This decentralized social networking protocol is based on the ActivityStreams 2.0 data format. By installing this plugin, your WordPress blog can function as a federated profile along with individual profiles for each author[^3].

There have been concerns raised about the duplication of the entire WordPress.org plugin directory on WordPress.com. Some users have noticed that their plugins rank higher on WordPress.com even though they did not add them to that platform. This situation has led to frustration among users who now require a paid account to access these plugins. Matt Mullenweg, CEO of Automattic (the company behind WordPress.com), responded dismissively to these concerns[^4].

Lastly, there is an issue within the WordPress community regarding sock puppets - fake accounts created with the intention of disguising one’s identity for malicious purposes such as trolling or posting fake reviews. A particular case highlights how one user went to extreme lengths including bribery, begging, and threats in order to create multiple sock puppets and generate positive reviews for their own plugin[^5].

If you enjoyed this episode, please share on social media. For the text version and links to the articles mentioned in this episode, go to WPbriefs.com. Thanks for listening and we’ll see you tomorrow.

  1. WordPress Vulnerability Report – September 13, 2023

  2. Malware Scanning: An Essential Layer of Website Security 

  3. ActivityPub v1.0 now available 

  4. WordPress.org plugin directory duplicated on WordPress.com (replies from Matt Mullenweg) 
