“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins
“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs…
Read Story
Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments,…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)
Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to…
Read Story
Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin
On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File…
Read Story
Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing,…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to…
Read Story
PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to…
Read Story
miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin
On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass…
Read Story
Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User…
Read Story