This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Category: Research
Newest
10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin
10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin
7,000 WordPress Sites Affected by Privilege Escalation Vulnerability in ProfileGrid WordPress Plugin
š¢ Did you know Wordfence runs aĀ Bug Bounty ProgramĀ for all WordPress plugin and themes at no cost to vendors?Ā
$3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin
š¢ Did you know Wordfence runs aĀ Bug Bounty ProgramĀ for all WordPress plugin and themes at no cost to vendors?Ā
WordPress Security Research: A Beginner’s Series
Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner’s Series!
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected.
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins).
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack
On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository.
Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins
On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team.
40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin
On May 17th, 2024 we received a submission for an Arbitrary Options Update vulnerability in Login/Signup Popup, a WordPress plugin with more than 40,000 active installations.
30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin
30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin
Breaking WordPress Security Research in your inbox as it happens.
