Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
On June 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary User Password Change vulnerability in the LearnDash LMS plugin, a...
miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social...
On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in miniOrange’s WordPress Social Login and...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023...
Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42...
PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member...
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023...
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34...
Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You...
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability....
Dissecting a Clever Malware Sample for Optimized Detection and Protection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will...
Interesting Arbitrary File Upload Vulnerability Patched in User Registration...
On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin,...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to...
Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28...
Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites....
“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting...
“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023...
Note: We accidentally sent out an email for this report with last week's subject line. Due to the subject line not being very different week to week for this report, we opted to just leave it as is and...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023...
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36...
PSA: Wordfence Brand Being Actively Used in Phishing Campaigns
Earlier this week we became aware that malicious actors are using the Wordfence brand image to run a phishing scam on WordPress and Wordfence users, posing as unknown login notifications from their own...
WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment...
On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023...
Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32...
Demystifying the WordPress Vulnerability Landscape: 2023 Mid-Year Wordfence...
In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected...
weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager...
On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is...
Threat Actors Using Obfuscation in Attempt to Evade Detection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023...
Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36...