For the past 30 months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as few recommendations for all developers of WordPress plugins and themes.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
The WordPress Welcart e-Commerce plugin (20,000+ active installations) fixed multiple information disclosure vulnerabilities affecting version 2.2.7 and below.
The WordPress Advanced Shipment Tracking for WooCommerce (50,000+ active installations) fixed a critical vulnerability affection version 188.8.131.52 and below.
The WordPress Frontend File Manager plugin (2,000+ active installations) fixed multiple critical vulnerabilities affecting version 18.2 and below that could lead to content injection, privilege escalation, stored XSS, arbitrary file upload among several other issues.