WordPress Vulnerability Statistics for July 2021

In this blog post we are going to look at the vulnerabilities added to the WPScan WordPress Vulnerability Database in July 2021. The vulnerabilities were all hand-curated and added to our database by WordPress security experts. The vulnerabilities come from independent security researchers from the security community who submit them to us via our submission form. We award monthly giveaways to randomly selected submitters. Many vulnerabilities are also found by the WPScan team through additional security research. Each vulnerability was responsibly disclosed to the software author, or to WordPress.

Total Vulnerabilities July 2021

In July, we added 158 total WordPress vulnerabilities to our database. That’s five vulnerabilities per day, every day, throughout July.

158 total WordPress vulnerabilities added to WPScan database in July 2021

WordPress Vulnerabilities July 2021

This month we saw the release of WordPress 5.8 “Tatum”, but there have been no public security fixes. This release did drop support for Internet Explorer 11, which will have some small security benefits.

Plugin Vulnerabilities July 2021

In July, we added 153 WordPress plugin vulnerabilities to our database. That’s almost five plugin vulnerabilities per day, every day, throughout July.

153 total plugin vulnerabilities added to WPScan database in July 2021

Theme Vulnerabilities July 2021

In July, we added 5 WordPress theme vulnerabilities to our database. It is common to see fewer theme vulnerabilities than plugin vulnerabilities. This is due to there being fewer themes available than plugins and themes generally being less complex.

5 total theme vulnerabilities added to WPScan database in July 2021

Top 10 Vulnerabilities July 2021

       Vulnerability Type                          Count
W1     Cross-Site Scripting (XSS)                  65
W2     Cross-Site Request Forgery (CSRF)           30
W3     SQL Injection                               17
W4     Access Controls                             10
W5     Directory Traversal                         5
W6     Authentication Bypass                       4
W7     Server-Side Request Forgery (SSRF)          4
W8     File Upload                                 4
W9     Insecure Direct Object Reference (IDOR)     2
W10    Privilege Escalation                        2

Keeping Secure

To find out if any of the vulnerabilities added to our database affect your WordPress website, you can install our security plugin, or use our security scanner. We also offer Enterprise API plans for enterprise users.

For more WordPress vulnerability statistics, view our statistics page, which is updated daily.
