In this blog post we are going to look at the vulnerabilities added to the WPScan WordPress Vulnerability Database in July 2021. The vulnerabilities were all hand curated and added to our database by WordPress security experts. The vulnerabilities come from independent security researchers from the security community who submit them to us via our submission form. We award monthly giveaways to randomly selected submitters. Many vulnerabilities are also found by the WPScan team through additional security research. Each vulnerability was responsibly disclosed to the software author, or to WordPress.
Total Vulnerabilities July 2021
In July, we added 158 total WordPress vulnerabilities to our database, that’s five vulnerabilities per day, every day, throughout July.

WordPress Vulnerabilities July 2021
This month we saw the release of WordPress 5.8 “Tatum”, but there have been no public security fixes. This release did drop support for Internet Explorer 11, which will have some small security benefits.
Plugin Vulnerabilities July 2021
In July, we added 153 WordPress plugin vulnerabilities to our database, that’s almost five plugin vulnerabilities per day, every day, throughout July.

Theme Vulnerabilities July 2021
In July, we added 5 WordPress theme vulnerabilities to our database. It is common to see less theme vulnerabilities than plugin vulnerabilities. This is due to there being less themes available than plugins and themes generally being less complex.

Top 10 Vulnerabilities July 2021
Vulnerability Type | Count | |
W1 | Cross-Site Scripting (XSS) | 65 |
W2 | Cross-Site Request Forgery (CSRF) | 30 |
W3 | SQL Injection | 17 |
W4 | Access Controls | 10 |
W5 | Directory Traversal | 5 |
W6 | Authentication Bypass | 4 |
W7 | Server-Side Request Forgery (SSRF) | 4 |
W8 | File Upload | 4 |
W9 | Insecure Direct Object Reference (IDOR) | 2 |
W10 | Privilege Escalation | 2 |
Keeping Secure
To find out if any of the vulnerabilities added to our database affect your WordPress website, you can install our security plugin, or use our security scanner. We also offer Enterprise API plans for enterprise users.
For more WordPress vulnerability statistics view our statistics page, which is updated daily.