Relevant Plugins and Vulnerabilities: PluginVulnerabilityPatched VersionInstalls WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL…
Read StoryDuring a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users…
Read StoryThis is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed…
Read StoryOn July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin…
Read StoryOn June 15, 2020, our Threat Intelligence team was made aware of a number of access control vulnerabilities that had…
Read StoryOn June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin,…
Read StoryHighlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking…
Read StoryOn March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability…
Read StoryOn April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress…
Read StoryOn May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor…
Read Story