January 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

Last updated on April 12th, 2019 by Robert Abela. Filed under News

In this first monthly roundup of WordPress core, plugins and themes reported vulnerabilities for 2017 we had a good number of WordPress plugins  and vulnerabilities reported. This vulnerabilities and security issues roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Subscribe to the WP Security Bloggers newsletter to keep yourself up to date with what is happening in the world of WordPress security.

Overview of WordPress Vulnerabilities in January 2017

In January 33 WordPress plugin vulnerabilities were reported, and 12 in WordPress core. Since we have been keeping a record of reported vulnerabilities, this has been the busiest month for WordPress core vulnerability. All these vulnerabilities are all a good sign, that WordPress is simply becoming a more secure software, as explained in Crunching the numbers, how secure WordPress is?

Below is the complete list of all the WordPress plugins and themes vulnerabilities reported in January 2017:

WordPress Plugins Vulnerabilities

WordPress Core Vulnerabilities

You can read the release notes of WordPress 4.7.1 for more information on the above mentioned WordPress core vulnerabilities that are not linked.

WordPress Hosting, Firewall and Backup

This Website is:


Your count of plugin vulnerabilities reported this month is somewhat off.

For 8 entries you link to posts we created to provide the details of vulnerabilities so that we could provide more detailed information on the issues to those using our Plugin Vulnerabilities plugin and service. In the case of many of those vulnerabilities they were probably actually reported by someone else years ago, but when we went to add them to our data on plugin vulnerabilities there was no page detailing them that was already available that we could link to.

At least a couple of other entries not from us are dated as being from previous months.

Robert Abela 18/02/2017

Thanks for pointing this out, appreciated. Will go through the list again and check them. Do you have the list of those from your system please? You can send it to robert@wpwhitesecurity.com.

Adetayo 04/02/2017

Hi WPWhiteSecurity,

I noticed the date in the title is January 2016, and the overview states that it is for December 2016 please correct it if it is an error.

I am Adetayo, an ardent follower of your blog and a subscriber to your post. I do post this security release on my blog with a link back to your site as the source.

I hope you a fine with that, if not then I think I will have to stop.

Thank you.

Robert Abela 18/02/2017

Hello Adetayo,

Yes there was an error and I corrected it. Thank you for pointing it out. And yes, feel free to link to this post.

Leave a Reply

Your email address will not be published. Required fields are marked *