What Is a CVE and Why Should Every Website Owner Care?
You may have seen "CVE-2024-XXXX" in security bulletins and wondered what it means. CVE stands for Common Vulnerabilities and Exposures, a public registry of known security flaws in software.
Why CVEs matter for WordPress
WordPress plugins and themes are software. When a vulnerability is discovered and assigned a CVE, the flaw is documented and public, and attackers actively search for sites running the vulnerable version.
How to track CVEs relevant to your site
The WPScan Vulnerability Database lists WordPress-specific CVEs. Wordfence also sends email alerts when a plugin you have installed receives a new CVE disclosure.
What to do when a CVE affects your site
Update immediately. If no patch is available yet, deactivate the plugin until one is released. Speed matters — most attacks happen within 48 hours of a CVE being published.
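The triage rule from the two sections above (match installed plugins against published CVEs, update when a fix exists, deactivate when none does), as an added Python example that is not from the original article. The plugin names, CVE ids and advisory schema are constructed placeholders; the inventory mimics the JSON that WP-CLI's `wp plugin list --format=json` prints.

```python
import json
import re

# Constructed sample: shape of `wp plugin list --format=json` output.
INSTALLED_JSON = """[
 {"name": "example-forms", "status": "active", "version": "2.4.0"},
 {"name": "example-gallery", "status": "active", "version": "1.10"},
 {"name": "example-seo", "status": "active", "version": "3.2.0"},
 {"name": "example-cache", "status": "inactive", "version": "0.9.1"}
]"""

# Constructed advisories in a hypothetical schema; CVE ids are placeholders.
# fixed_in = None means no patched release exists yet.
ADVISORIES = [
    {"plugin": "example-forms", "cve": "CVE-0000-0001", "fixed_in": "2.4.1"},
    {"plugin": "example-gallery", "cve": "CVE-0000-0002", "fixed_in": "1.9"},
    {"plugin": "example-seo", "cve": "CVE-0000-0003", "fixed_in": None},
    {"plugin": "example-cache", "cve": "CVE-0000-0004", "fixed_in": None},
]

def version_key(version):
    """Numeric dotted versions only (assumption): '1.10.0' -> (1, 10)."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()  # drop trailing zeros so 1.2 == 1.2.0
    return tuple(parts)

def triage(installed_json, advisories):
    """Return (plugin, cve, action, wp-cli command) for each affected plugin."""
    installed = {p["name"]: p for p in json.loads(installed_json)}
    actions = []
    for adv in advisories:
        plugin = installed.get(adv["plugin"])
        if plugin is None:
            continue  # not installed, advisory does not apply
        slug, fixed = plugin["name"], adv["fixed_in"]
        if fixed is None:
            # No patch yet: keep the plugin switched off until one ships.
            if plugin["status"] == "inactive":
                actions.append((slug, adv["cve"], "keep-inactive", None))
            else:
                actions.append((slug, adv["cve"], "deactivate", f"wp plugin deactivate {slug}"))
        elif version_key(plugin["version"]) < version_key(fixed):
            actions.append((slug, adv["cve"], "update", f"wp plugin update {slug}"))
    return actions

if __name__ == "__main__":
    for row in triage(INSTALLED_JSON, ADVISORIES):
        print(row)
```

The version comparison is numeric, so 1.10 correctly sorts above 1.9; a plain string comparison would flag `example-gallery` as vulnerable when it is not.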