Wordfence Research and News

Blog icon
Category: Vulnerabilities
Newest

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 2, 2024 to December 8, 2024)

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL …
Read More

6,000,000 WordPress Sites Protected Against Payment Refund and Subscription Cancellation Vulnerability in WPForms WordPress Plugin

On October 23th, 2024, we received a submission for a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability in WPForms, a WordPress plugin with more than 6,000,000 active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024)

💥 Time to wrap up this year and kick-off the new year with a bang!

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 18, 2024 to November 24, 2024)

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

200,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in Anti-Spam by CleanTalk WordPress Plugin

200,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in Anti-Spam by CleanTalk WordPress Plugin

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024)

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!
4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability

4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability

On November 6th, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in the Really Simple Security plugin, and in the Really Simple Security Pro and Pro Multisite plugins, which are actively installed on more than 4,000,000 WordPress websites.

28,000 WordPress Sites Affected by Arbitrary File Read and Deletion Vulnerability in WPLMS WordPress Theme

On October 19th, 2024, we received a submission for an Arbitrary File Read and Deletion vulnerability in WPLMS, a WordPress premium theme with more than 28,000 sales.

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!