wordpress security advisories

2 threat alerts tracking vulnerabilities and security advisories that affect wordpress products.

Vulnios monitors wordpress CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent wordpress security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2017-16510 — wordpress — wordpress
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "do
criticalCVE-2017-16510
Critical Vulnerability: CVE-2017-14723 — wordpress — wordpress
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL inject
criticalCVE-2017-14723

Track wordpress exposure across your environment

Vulnios automatically cross-references your asset inventory against new wordpress CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.

Start a free scan

wordpress security advisories

Critical Vulnerability: CVE-2017-16510 — wordpress — wordpress

Critical Vulnerability: CVE-2017-14723 — wordpress — wordpress

Track wordpress exposure across your environment