Wordfence Research and News


Duplicator Update Patches Remote Code Execution Flaw

A critical remote code execution (RCE) vulnerability has been patched in the latest release of Duplicator, a WordPress backup and migration plugin with millions of downloads. In their public disclosure of this flaw, Synacktiv detailed its scope and severity, and provided a viable proof of concept exploit for the security community. In this post we’ll …

Arbitrary File Deletion Flaw Present in WordPress Core

The security community has been abuzz this week following the disclosure of a vulnerability present in all current versions of WordPress.

Vulnerability Roundup: 3 Vulnerable WP Plugins and Update Your Joomla

It’s been a tough week for the WP Statistics plugin. Last Friday, Sucuri (now owned by GoDaddy) discovered a SQL injection vulnerability in the WP Statistics plugin version 12.0.7 and older.

WordPress 4.7.3 Security Release – Upgrade ASAP

WordPress 4.7.3 has just been released. It is the third in a series of recent security releases for WordPress core.

Rapid Growth in Defacements, Who was Hit, Who is Attacking

Yesterday we published numbers indicating how widespread the defacement campaign targeting the REST API vulnerability, recently fixed in WordPress 4.7.2, has become.

Critical Vulnerability in PHPMailer. Affects WP Core.

A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski.

Vulnerability in Easy Forms for MailChimp 6.1.2 and older

Panagiotis Vagenas, a Wordfence Security Researcher, has discovered a reflected cross-site scripting vulnerability in the Easy Forms for MailChimp plugin for WordPress.

Major Vulnerability in Freshdesk – Results from a recent Wordfence Red Team Exercise

Wordfence recently conducted a red team exercise on our own network.

Vulnerability in User Role Editor – Users Can Become Admins

There is a major vulnerability in a popular plugin with over 300,000 active installs: User Role Editor 4.24 and older.

A Backdoored WordPress Plugin and 3 Additional Vulnerabilities

We have several plugin vulnerabilities we’d like to bring to your attention this week.