This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Category: Research
Dissecting a Clever Malware Sample for Optimized Detection and Protection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers.
miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin
On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, which is actively installed on more than 30,000 WordPress websites.
Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites according to our estimates.
StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites.
Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites.
Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in WordPress plugins so we can help developers patch these vulnerabilities before threat actors ...
Credential-Stealing Server Side Request Forgery Patched in Getwid
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites.
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites.
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites.
W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins.
Breaking WordPress Security Research in your inbox as it happens.
