On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity Cross-Site Scripting vulnerability, and several lower-severity vulnerabilities. These patches have been backported to every version of WordPress since 4.1. WordPress has supported automatic core updates for security releases since …
Read More
Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with …
Read More
Last week, there were 77 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with …
Read More
Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. There were more unpatched vulnerabilities than patched last week, so it’s more important than ever to review …
Read More
On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an administrator dashboard in some configurations, while another allowed authenticated attackers to spoof log entries into …
Read More
Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with …
Read More
On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded the same day and we provided full disclosure. Wordfence Premium, Care, and Response …
Read More
Last week, there were 97 vulnerabilities disclosed in 63 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with …
Read More
On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves administrative privileges via a profile update, if the targeted site …
Read More
On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed login attempts. The plugin is vulnerable in versions up to, and including, …
Read More