Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update
WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix…
Read Story
One Attacker Outpaces All Others
Starting April 28th, we saw a 30 times increase in cross site scripting attack volume, originating from a single attacker,…
Read Story
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a…
Read Story
Slimstat: Stored XSS from Visitors
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress…
Read Story
Stored XSS in MyBB
The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing…
Read Story
OS Command Injection in WP-Database-Backup
On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the…
Read Story
WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations
The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability…
Read Story
Dissecting the WordPress 5.2.3 Update
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes.…
Read Story
Icegram Persistent Cross-Site Scripting
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header…
Read Story
Zero-Day RCE in vBulletin v5.0.0-v5.5.4
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing…
Read Story