This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Newest
Introducing New Pricing For Wordfence CLI!
We have an exciting announcement today about the Wordfence CLI project. We launched Wordfence CLI at WordCamp US back in August of 2023 with the goal of bringing malware and vulnerability scanning to the command line. We’ve been working closely with our customers since the launch to better understand their needs. As a result, we’ve …
Read More
The Wordfence 2023 State of WordPress Security Report
Today, the Wordfence Threat Intelligence team is releasing our 2023 State of WordPress Security Report as a free White Paper.
The WordPress 6.4.3 Security Update – What You Need to Know
Today, January 30, 2024, WordPress released version 6.4.3, which contains two security patches for longstanding, albeit minor, security concerns in WordPress Core.
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more.
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
đWordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus.
Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more.
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
đ Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza!Â
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites.
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site.
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users.
Breaking WordPress Security Research in your inbox as it happens.
