This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Newest
Zero-Day Vulnerability in Yellow Pencil Visual Theme Customizer Exploited in the Wild
On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how …
Read More
Yuzo Related Posts Zero-Day Vulnerability Exploited in the Wild
The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day.
Duplicator Update Patches Remote Code Execution Flaw
A critical remote code execution (RCE) vulnerability has been patched in the latest release of Duplicator, a WordPress backup and migration plugin with millions of downloads.
Ninja Forms Security Updates: What You Need To Know
Yesterday, the popular WordPress plugin Ninja Forms released version 3.3.14, which disclosed and patched two security issues present in the plugin.
3 Severe Plugin Vulnerabilities Fixed in the Last 24 Hours
The following three plugins contain severe vulnerabilities that have all been fixed within the past 24 hours.
WordPress Security January Roundup: Core XSS and 4 Plugin vulnerabilities
This has certainly been an eventful month in WordPress security. January 6th saw a WordPress core security update.
Breaking WordPress Security Research in your inbox as it happens.
