Wordfence Research and News

Blog icon
Category: Vulnerabilities
4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability

4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability

On November 6th, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in the Really Simple Security plugin, and in the Really Simple Security Pro and Pro Multisite plugins, which are actively installed on more than 4,000,000 WordPress websites.

28,000 WordPress Sites Affected by Arbitrary File Read and Deletion Vulnerability in WPLMS WordPress Theme

On October 19th, 2024, we received a submission for an Arbitrary File Read and Deletion vulnerability in WPLMS, a WordPress premium theme with more than 28,000 sales.

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin

On October 23rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in AI Power: Complete AI Pack, a WordPress plugin with more than 10,000 active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program!

7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin

On September 17, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for two critical vulnerabilities in the LatePoint plugin, which is estimated to be actively installed on more than 7,000 WordPress websites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors?