Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to...
Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32...
View ArticleClik here to view.
Multiple Vulnerabilities Patched in Shield Security
On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Apr 17, 2023 to...
Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (Apr 24, 2023 to...
Last week, there were 77 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (May 1, 2023 to...
Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27...
View ArticleWordPress Core 6.2.1 Security & Maintenance Release – What You Need to Know
On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity...
View ArticleClik here to view.
PSA: Attackers Actively Exploiting Critical Vulnerability in Essential Addons...
On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to...
Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47...
View ArticleW3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager...
On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager...
View ArticleClik here to view.
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to...
Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability...
View ArticleWPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress...
On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to...
Last week, there were 90 vulnerabilities disclosed in 77 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 29...
View ArticleClik here to view.
Credential-Stealing Server Side Request Forgery Patched in Getwid
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress...
View ArticleClik here to view.
Critical Security Update: Directorist WordPress Plugin Patches Two High-risk...
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to...
Last week, there were 116 vulnerabilities disclosed in 88 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 35...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to...
Last week, there were 45 vulnerabilities disclosed in 30 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 17...
View ArticleTyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned...
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for...
View ArticleStylemixThemes Addresses Authentication Bypass Vulnerability in BookIt...
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is...
View ArticleWordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023...
Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25...
View Article