Opened 2 years ago
Closed 2 years ago
#56275 closed enhancement (maybelater)
Check plugins for known vulnerabilities
Reported by: | oglekler | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | |
Component: | Site Health | Keywords: | |
Focuses: | | Cc: | |
Description
Site Health should check the site's plugins and their version names against a list of plugins with known vulnerabilities and give an even more severe warning if there is a match with the list.
Further, it can offer an update or disable the plugin if there is no cure yet available.
Change History (1)
This would require WordPress.org to maintain a complete list of all vulnerabilities, including for premium plugins or themes. If that prerequisite does not exist, then this would offer a false security to users, and may have a negative impact on the project as a whole.
I'm aware that there are multiple databases of such vulnerabilities, but to guarantee its existence, and maintainability over the foreseeable future, it would need to be part of the WordPress.org suite of services (most of these services also require API keys to use, which is a barrier of entry to end users if they need to sign up and input data to use core features in my opinion).
I do like the idea though, but I'm going to mark this as a maybelater, in case the Meta team at any point does implement such a feature, at which point this is definitely something we would be implementing within core.