If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible!
According to WPScan, the new object injection vulnerability is due to versions of PHPMailer library between 6.1.8 and 6.4.0. The original CVE can be found here.
WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of…
Read Story
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…
Read Story
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer…
Read Story