Wordfence Research and News

Newest

XSS Injection Campaign Exploits WordPress AMP Plugin

News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. The …
Read More

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

In February, we wrote about a vulnerability on three shared hosting services.

A Feeding Frenzy to Deface WordPress Sites

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild.

Hacking 27% of the Web via WordPress Auto-Update

At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community.

Vulnerability fixed in Jetpack 4.0.3. Severity: 6.1 (Medium)

An XSS vulnerability has been fixed in Jetpack version 4.0.3 which was released yesterday.

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6. Severity: 6.1 (Medium)

An hour ago a security researcher, Kacper Szurek, reported a reflected XSS vulnerability in the current version of Wordfence.

General Security

Monthly Attack Activity Report

Threat Research

Vulnerabilities

Wordfence Intelligence

WordPress Security