From wordfence.com
On November 6th, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in the Really Simple Security plugin, and in the Really Simple Security Pro and Pro Multisite plugins, which are actively installed on...
on Thu, 6PM
From wordfence.com
On October 23rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in AI Power: Complete AI Pack, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable...
on Oct 30
From wordfence.com
On August 3rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in WP Hotel Booking, a WordPress plugin with more than 8,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary files...
on Oct 1
From wordfence.com
On August 6th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Jupiter X Core, a WordPress plugin with more than 90,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and...
on Sep 25
From wordfence.com
On August 28th, 2024, we received a submission for a Privilege Escalation via Account Takeover vulnerability in WCFM - WooCommerce Frontend Manager, a WordPress plugin with more than 20,000 active installations. This vulnerability makes it possible for an authenticated attacker to change the...
on Sep 25
From wordfence.com
GPU Hosting and Open Source AI Will Revolutionize or Kill WordPress
On the eve of WordCamp US 2024 we find ourselves in the midst of a revolution. It is perhaps the most profoundly transformative technology revolution our species has experienced in our short history in this Universe. In fundamental terms, since computers have existed we have been programming...
on Sep 17
From wordfence.com
How To Find XSS (Cross-Site Scripting) Vulnerabilities in WordPress Plugins and Themes
A comprehensive guide on how to find XSS (Cross-Site Scripting) vulnerabilities in WordPress plugins and themes and submit them for a bounty.
on Sep 7
From wordfence.com
On August 4th, 2024, we received a submission for an Arbitrary File Deletion vulnerability in MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar, a WordPress plugin with over 20,000 active installations. This vulnerability can be leveraged by attackers to delete critical files...
on Sep 7
From wordfence.com
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us,...
on Sep 4
From wordfence.com
On August 7th, 2024, we received a submission for an unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation vulnerability in WP Job Portal, a WordPress plugin with more than 6,000 active installations.
on Sep 3
From wordfence.com
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us,...
on Aug 28
From wordfence.com
On June 19th, 2024, we received a submission for a Remote Code Execution via Twig Server-Side Template Injection vulnerability in WPML, a WordPress plugin with more than 1,000,000 active installations. This vulnerability can be leveraged to execute code remotely by authenticated users with...
on Aug 28
From wordfence.com
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 29, 2024 to August 4, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
on Aug 8
From wordfence.com
WordPress Security Plugin | Wordfence
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
on Jul 29
From wordfence.com
10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin
on Jul 23
From wordfence.com
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our...
on Jun 29
From wordfence.com
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update: As of 12:36PM EST, another plugin has been infected. We’ve updated the list below to include this fourth plugin and the plugins team has been notified. On June 24th, 2024, we became aware of a supply chain attack targeting multiple WordPress plugins hosted on WordPress.org. An attacker...
on Jun 28
From wordfence.com
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack
On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...
on Jun 27
From wordfence.com
WordPress 6.5.5 Security Release – What You Need to Know
WordPress Core 6.5.5 fixes two Cross-Site Scripting (XSS) vulnerabilities and one Windows-specific Directory Traversal vulnerability.
on Jun 26
From wordfence.com
Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins
On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our...
on Jun 25
From wordfence.com
Yoast SEO Plugin Security Vulnerability: On April 22nd, 2024, we received a submission for a Reflected Cross-Site Scripting (XSS) vulnerability in Yoast SEO, a WordPress plugin with more than 5 million active installations.
on May 6
From wordfence.com
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core
WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a...
on Apr 10
From wordfence.com
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data...
on Apr 5
From wordfence.com
In May 2023, the Wordfence Threat Intelligence team discovered high and critical severity vulnerabilities in Kirotech’s UserPro plugin, which is active on
on Mar 27
From wordfence.com
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 1st, 2024, during our second Bug Bounty Extravaganza,...
on Mar 16
From wordfence.com
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...
on Feb 15
From wordfence.com
The WordPress 6.4.3 Security Update - What You Need to Know
Today, January 30, 2024, WordPress released version 6.4.3, which contains two security patches for longstanding, albeit minor, security concerns in WordPress Core. The first patch addresses an issue that allows users with Administrator (or Super Administrator on Multisite) privileges to upload...
on Jan 31
From wordfence.com
High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin
On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated...
on Jan 25
From wordfence.com
Millions of Attacks Target Tatsu Builder Plugin
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable...
on Jan 24
From wordfence.com
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript...
on Jan 23
From wordfence.com
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat...
on Jan 21
From wordfence.com
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
on Dec 12
From wordfence.com
Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register as...
on Dec 11
From wordfence.com
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing the changelog containing a partial patch. We...
on Dec 8
From wordfence.com
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We...
on Dec 6
From wordfence.com
🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁 On November 24,...
on Dec 4
From wordfence.com
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not...
on Dec 1
From wordfence.com
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some of the highest bug bounties in the history of WordPress to help find...
on Dec 1
From wordfence.com
Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 "Voodoo Child"
Note: If you’re a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command line, read on! Our mission...
on Oct 31, 2023
From wordfence.com
Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response...
on Oct 25, 2023
From wordfence.com
On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively installed on more than 4,000,000 WordPress websites, making it the most popular...
on Oct 23, 2023
From wordfence.com
Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files...
on Oct 14, 2023
From wordfence.com
Backdoor Masquerading as Legitimate Plugin
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...
on Oct 10, 2023
From wordfence.com
Know your Malware - A Beginner’s Guide to Encoding Techniques Used to Obfuscate Malware
With the launch of Wordfence CLI, our high performance security scanner that can detect the vast majority of PHP malware targeting WordPress, Wordfence continues to emphasize the importance of malware detection and remediation. Malware targeting WordPress uses a variety of obfuscation techniques...
on Oct 2, 2023