This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Newest
Introducing New Pricing For Wordfence CLI!
We have an exciting announcement today about the Wordfence CLI project. We launched Wordfence CLI at WordCamp US back in August of 2023 with the goal of bringing malware and vulnerability scanning to the command line. We’ve been working closely with our customers since the launch to better understand their needs. As a result, we’ve …
Read More
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more.
Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more.
Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”
Note: If you’re a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites.
Introducing Wordfence CLI: A High Performance Malware Scanner Built for the Command Line
Today, we are incredibly excited to announce the launch of Wordfence CLI: an open source, high performance malware scanner built for the command-line.
Emergency WP 5.5.3 Release
The WordPress core team has released an emergency release of WordPress 5.5.3, just one day after the release of version 5.5.2.
Introducing Wordfence Central Teams
Last year, we introduced Wordfence Central and today thousands of WordPress site owners are using this free tool to manage their WordPress sites.
WordPress Auto-Updates: What do you have to lose?
A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020.
Improper Access Controls in GDPR Cookie Consent Plugin
Description: Improper Access Controls Affected Plugin: GDPR Cookie Consent Affected Versions: <= 1.8.2 CVSS Score: 9.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Patched Version: 1.8.3 The following post describes how improper access controls lead to a stored cross-site scripting vulnerability in the GDPR Cookie Consent plugin that emerged after it was removed from the repository.
Critical Authentication Bypass Vulnerability in InfiniteWP Client Plugin
Description: Authentication Bypass Affected Plugin: InfiniteWP Client Affected Versions: < 1.9.4.5 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.9.4.5 A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier.
Breaking WordPress Security Research in your inbox as it happens.
