This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Stored XSS Patched in SyntaxHighlighter Evolved Plugin
Description: Stored XSS CVSS Severity Score: 6.1 (Medium) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Software: SyntaxHighlighter Evolved Plugin Slug: syntaxhighlighter Affected Version: 3.5.0 Patched Version: 3.5.1 While doing a security audit of the plugins and themes we run on wordfence.com, I discovered a stored XSS vulnerability in SyntaxHighlighter Evolved.
Wordfence Now Works on WP Engine and with Load Balancers
Today we are launching a version of Wordfence containing a new feature for sites on hosting providers with read-only file systems such as WP Engine or for environments where multiple web servers are behind a load balancer.
Details of an Additional File Deletion Vulnerability – Patched in WordPress 4.9.7
Today WordPress released version 4.9.7, a security release which addresses two separate arbitrary file deletion vulnerabilities requiring Author privileges.
Wordfence Now Includes 1.4 Billion Leaked Passwords in Password Auditing Feature
Last week, we reported a massive upsurge in brute force login attempts following the leak of a database of 1.4 billion clear text credentials.
Backdoor in Captcha Plugin Affects 300K WordPress Sites
The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name.
Breaking WordPress Security Research in your inbox as it happens.
