Clik here to view.
High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in...
View ArticleWordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community...
View ArticleWordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12,...
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community...
View ArticleAuthorization vs. Intent: Why You Should Always Verify Both
The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues. More specifically, we have...
View ArticleWordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb...
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is...
View ArticleClik here to view.
All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched
On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine optimization...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to...
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is...
View ArticleClik here to view.
Wordfence Intelligence: Because Community Created Vulnerabilities Are...
Last August, at Black Hat 2022 in Las Vegas, we launched Wordfence Intelligence, a product designed to provide large enterprise customers with rich IP threat data, malware signatures, malware hashes,...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to...
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated,...
View ArticleClik here to view.
Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information...
Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for site owners. They add features not available in WordPress Core that would...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to...
Last week, there were 60 vulnerabilities disclosed in 40 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 16...
View ArticleClik here to view.
Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress...
The Wordfence Threat Intelligence Team recently disclosed several Reflected Cross-Site Scripting vulnerabilities that we discovered in three different plugins – Watu Quiz (installed on 5,000 sites),...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to...
Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34...
View ArticlePSA: Update Now! Critical Authentication Bypass in WooCommerce Payments...
The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed. Today, March 23, 2023, we noticed that the...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to...
Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to...
Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34...
View ArticleClik here to view.
Update Now! Severe Vulnerability Impacting 600,000 Sites Patched in Limit...
On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites...
View ArticlePrivilege Escalation Vulnerability Patched Promptly in WP Data Access...
On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Apr 3, 2023 to...
Last week, there were 97 vulnerabilities disclosed in 63 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28...
View ArticleClik here to view.
Hiding in Plain Sight: Cross-Site Scripting Vulnerabilities Patched in Weaver...
On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the...
View Article