Skip to main content
(844) 422-7000


WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the Plugin Directory but is not yet present in that directory. (CVSS:7.5) (Last Update:2021-11-30)