Patchstack Weekly - the State of WordPress Security report, tl;dr edition

    EPISODE #62   The State of WordPress Security 2022 Report   Last year we saw 328% more reported security bugs added to our vulnerability database compared to 2021. This is actually a positive sign of the ecosystem becoming more secure, as more bugs are being caught (and patched). On the downside, we also saw that 26% of new critical severity bugs went unpatched, highlighting the silent risk posed by abandoned plugins. Today's episode is a sort of a tl;dr, as we dive into some of the bigger findings from our 2022 security whitepaper and explain what they mean for you:   [Read more here 👀](   Vulnerability news This week's vulnerability roundup includes a little mystery around the Postmatic Plugin (a.k.a Replyable) - the developers had patched a PHP Object Injection vulnerability in the plugin. However, the plugin is currently closed due to an unknown security issue. So if you're using Postmatic/Replyable, we suggest looking for an alternative solution until this matter is cleared up.   WooCommerce Checkout Field Manager Plugin Arbitrary File Upload vulnerability   Sites affected: 200+ CVSS 3.0 score: 10.0 (Critical severity)Fixed in version: 18.0   WordPress Watu Quiz Plugin Cross Site Scripting (XSS) vulnerability   Sites affected: 5,000+ CVSS 3.0 score: 7.1 (High severity)Fixed in version: 3.3.9.1   WordPress Postmatic Plugin PHP Object Injection vulnerability   Sites affected: N/A CVSS 3.0 score: 7.4 (High severity)Fixed in version: 2.2.10         If you are using any of the mentioned plugins, you need to update to the latest version as soon as possible. Websites with Patchstack Professional are already protected!   Always keep your plugins updated! Professional users can [enable automatic updating](. If you are not protecting your WordPress site against plugin vulnerabilities yet, you can [start for free](.   [( [( []( []( ©2023 Patchstack OÜ Aida 7, 80011 Pärnu, Estonia [Unsubscribe](.• [Privacy policy](