Is there an official or “blessed” vulnerability database for #WordPress plugins? I’m looking for what the community uses as the definitive resource.
Discussion
Loading...
@ramsey Unfortunately, I often ask myself the same question. Officially, there is nothing from WordPress itself, but https://www.cve.org/CVERecord/SearchResults?query=wordpress%20plugin should theoretically have some information. I follow #wordpress here in the Fediverse, where a few messages are posted from time to time. You can also use a security plugin that informs you about possible problems on your site. Or https://wordpress.org/plugins/patchstack/ #patchstack
@ramsey WordPress _IS_ the vulnerability.
I'm being facetious, but WP seems like an odd choice these days, given how many better options for building static sites and blogs exist now (eg: Astro).
It could be argued that WordPress has a rich ecosystem, but you're literally asking for ways to ensure said ecosystem doesn't bite you.
@ramsey According to https://www.cve.org/PartnerInformation/ListofPartners the "official CNAs for WordPress are Wordfence and WPScan
https://www.cve.org/PartnerInformation/ListofPartners/partner/Wordfence
https://www.cve.org/PartnerInformation/ListofPartners/partner/WPScan
Not sure that helps though...
@ramsey whoever shouts the loudest the current week as far as I know…