Wordfence Research and News

Blog icon
Category: Research
Leading Image - Vulnerability Patched in Cozmolabs Profile Builder Plugin - Information Disclosure Leads to Account Takevoer

Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for site owners.

All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched

On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine optimization tools designed to help content creators optimize their sites and reach more users.

Authorization vs. Intent: Why You Should Always Verify Both

The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues.

High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations.
Quick Restaurant Menu

Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites.

The Wordfence 2022 State of WordPress Security Report

Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper.

Eleven Vulnerabilities Patched in Royal Elementor Addons

On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations.

PSA: YITH WooCommerce Gift Cards Premium Plugin Exploited in the Wild

The Wordfence Threat Intelligence team has been tracking exploits targeting a Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000 installations according to the vendor.
Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server.
Featured images showing hackers whimsically stealing things from a monitor

How Much is Your Hacked Site Worth?

The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.