Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16,...
Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39...
Know Your Malware Part Two – Hacky Obfuscation Techniques
In the first post in this series, we covered common PHP encoding techniques and how they’re used by malware to hide from security analysts and scanners. In today’s post, we’re going to dive a little...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23,...
Last week, there were 109 vulnerabilities disclosed in 102 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37...
Wordfence Launches Bug Bounty Program to Fund WordPress Security Research and...
At Defiant Inc and Wordfence, our mission is to Secure the Web. A critical component of creating and maintaining a secure online community is the research that reveals vulnerabilities in software....
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30,...
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 79 vulnerabilities...
Fostering Innovation in Web Security
I’ve always created growth by focusing on free. It started back in 2003 when I launched WorkZoo in London. WorkZoo was a job search engine that ended up being one of Time Magazine’s top 50 websites of...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6,...
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Please note there was a minor error in the...
Several Critical Vulnerabilities including Privilege Escalation,...
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13,...
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20,...
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities...
Earn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in...
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days,...
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor...
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The phishing email claims to be from the WordPress team and warns of a Remote Code...
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form...
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug...
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress...
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27,...
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug...
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability...
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored...
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4,...
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11,...
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities...