Make WordPress Core

#56275 closed enhancement (maybelater)

Check plugins for known vulnerabilities

Reported by: oglekler
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Site Health
Keywords:
Focuses:
Cc:

Description

Site Health should check the site's plugins and their version names against a list of plugins with known vulnerabilities and give an even more severe warning if there is a match with the list.

Further, it can offer an update or disable the plugin if there is no cure yet available.

Change History (1)

#1 @Clorith
19 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to maybelater
  • Status changed from new to closed

This would require WordPress.org to maintain a complete list of all vulnerabilities, including for premium plugins or themes. If that prerequisite does not exist, then this would offer a false security to users, and may have a negative impact on the project as a whole.

I'm aware that there are multiple databases of such vulnerabilities, but to guarantee its existence, and maintainability over the foreseeable future, it would need to be part of the WordPress.org suite of services (most of these services also require API keys to use, which is a barrier of entry to end users if they need to sign up and input data to use core features in my opinion).

I do like the idea though, but I'm going to mark this as a maybelater, in case the Meta team at any point does implement such a feature, at which point this is definitely something we would be implementing within core.
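The check requested in the description, with the coverage caveat from comment #1 reflected in how a clean result is worded, as an added example (not WordPress core code and not written by anyone on the ticket). The function names and the advisory feed are hypothetical and constructed; `site_status_tests`, `get_plugins()` and `version_compare()` are existing WordPress and PHP APIs.

```php
<?php
// Constructed sample feed (slug => advisories); hypothetical data, not real advisories.
function example_vuln_feed() {
	return array(
		'example-forms'  => array( array( 'title' => 'Constructed advisory A', 'fixed_in' => '2.4.1' ) ),
		'example-slider' => array( array( 'title' => 'Constructed advisory B', 'fixed_in' => null ) ),
	);
}

// Match installed plugins (same shape as get_plugins(): file => headers) against the feed.
function example_match_plugins( array $installed, array $feed ) {
	$findings = array();
	foreach ( $installed as $file => $headers ) {
		// 'example-forms/main.php' -> 'example-forms'; single-file 'hello.php' -> 'hello'.
		$slug = false !== strpos( $file, '/' ) ? dirname( $file ) : basename( $file, '.php' );
		foreach ( $feed[ $slug ] ?? array() as $advisory ) {
			$fix = $advisory['fixed_in'];
			// An empty Version header compares lower than any release, so it is flagged.
			if ( null === $fix || version_compare( $headers['Version'], $fix, '<' ) ) {
				$findings[] = sprintf( '%s %s: %s (%s)', $headers['Name'], $headers['Version'], $advisory['title'],
					null === $fix ? 'no fix yet, consider deactivating' : 'update to ' . $fix );
			}
		}
	}
	return $findings;
}

// Site Health test callback: returns the result array Site Health renders.
function example_known_vulns_test() {
	require_once ABSPATH . 'wp-admin/includes/plugin.php'; // provides get_plugins()
	$findings = example_match_plugins( get_plugins(), example_vuln_feed() );
	// A clean result only means the feed has no matching entry, and is worded that way.
	$text = $findings ? implode( '<br>', array_map( 'esc_html', $findings ) )
		: 'No installed plugin matches the advisory feed. Plugins the feed does not cover are not assessed.';
	return array(
		'label'       => $findings ? 'Plugins with known vulnerabilities are installed' : 'No plugin matches the advisory feed',
		'status'      => $findings ? 'critical' : 'good',
		'badge'       => array( 'label' => 'Security', 'color' => $findings ? 'red' : 'blue' ),
		'description' => '<p>' . $text . '</p>',
		'actions'     => '',
		'test'        => 'example_known_vulns',
	);
}

// Register the callback as a direct (synchronous) Site Health test.
add_filter( 'site_status_tests', function ( $tests ) {
	$tests['direct']['example_known_vulns'] = array( 'label' => 'Known plugin vulnerabilities', 'test' => 'example_known_vulns_test' );
	return $tests;
} );
```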
