via ithemes.com => original post link
This week, 116 vulnerabilities may affect over 6 million WordPress sites. There are 67 plugin vulnerabilities and 2 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 45 plugin vulnerabilities and 2 theme vulnerabilities with no patch available yet. At least three of these have been closed and dropped from the wordpress.org plugin directory so far. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable plugin or theme has been closed, you should consider deactivation and removal in favor of alternative solutions.
For reference, these reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.
No new WordPress core vulnerabilities were disclosed this week.