Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Vulnerabilities

Wordfence Blog

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

This entry was posted in Research, Vulnerabilities, WordPress Security on December 01, 2021 by Chloe Chamberland   5 Replies

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation Swatches for WooCommerce”, a WordPress plugin that is installed on over 80,000 …

WooCommerce Extension – Reflected XSS Vulnerability

This entry was posted in Research, Vulnerabilities, WordPress Security on November 17, 2021 by Chloe Chamberland   2 Replies

On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Preview E-mails for WooCommerce”, a WordPress plugin that is an extension for WooCommerce, …

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on November 11, 2021 by Ram Gall   7 Replies

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder Templates”, but we are referring to it in this post as …

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

This entry was posted in Research, Vulnerabilities, WordPress Security on November 02, 2021 by Ram Gall   0 Replies

On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools (GDPR), a WordPress plugin with over 30,000 installations. We were investigating …

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on October 28, 2021 by Ram Gall   0 Replies

On August 19, 2021, the Wordfence Threat Intelligence team began the disclosure process for a reflected Cross-Site Scripting (XSS) vulnerability we found in NextScripts: Social Networks Auto-Poster, a WordPress plugin with over 100,000 installations. …

1,000,000 Sites Affected by OptinMonster Vulnerabilities

This entry was posted in Research, Vulnerabilities, WordPress Security on October 27, 2021 by Chloe Chamberland   2 Replies

On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities we discovered in OptinMonster, a WordPress plugin installed on over 1,000,000 sites. These flaws made it …

Site Deletion Vulnerability in Hashthemes Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on October 26, 2021 by Ram Gall   6 Replies

Update: a previous version of this article incorrectly indicated that this vulnerability could be used for site takeover, we have updated this for accuracy, as the impact is instead complete loss of site content. Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing …

Vulnerability Patched in Sassy Social Share Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on October 20, 2021 by Chloe Chamberland   7 Replies

Update: This article has been updated for accuracy: while we initially did create a rule to block this vulnerability we later found that the vulnerability was already blocked by an existing rule. In …

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

This entry was posted in Research, Vulnerabilities, WordPress Security on October 13, 2021 by Ram Gall   0 Replies

On August 19, 2021, the Wordfence Threat Intelligence team initiated the Responsible Disclosure process for Brizy – Page Builder, a WordPress plugin installed on over 90,000 sites. During a routine review of our …

High Severity Vulnerability Patched in Access Demo Importer Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on October 06, 2021 by Chloe Chamberland   0 Replies

On August 9, 2021, the Wordfence Threat Intelligence team attempted to initiate the responsible disclosure process for a vulnerability that we discovered in Access Demo Importer, a WordPress plugin installed on over 20,000 …
