via ithemes.com => original post link
This week, 162 vulnerabilities may affect over 8 million WordPress sites. There are 74 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 88 plugin vulnerabilities with no patch available yet. At least nine of these have been closed and dropped from the wordpress.org plugin directory so far. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable plugin or theme has been closed, you should consider deactivation and removal in favor of alternative solutions.
For reference, these reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.
No new WordPress core vulnerabilities were disclosed this week.