Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder
On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and…
Read Story
Newsletter Plugin Vulnerabilities Affect Over 300,000 Sites
On July 13, 2020, our Threat Intelligence team was alerted to a recently patched vulnerability in Newsletter, a WordPress plugin…
Read Story
Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin
On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on…
Read Story
High Severity Vulnerability Patched in TC Custom JavaScript
On June 12, 2020, Wordfence Threat Intelligence discovered an unauthenticated stored Cross-Site Scripting(XSS) vulnerability in TC Custom JavaScript, a WordPress…
Read Story
Stored XSS in Elementor
During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor…
Read Story
Vulnerabilities Digest: February 2020
Fixed Plugins and Vulnerabilities PluginVulnerabilityPatched VersionInstalls Duplicator Arbitrary File Download 1.3.28 1000000 Modula Image Gallery Authenticated Stored XSS 2.2.5 70000…
Read Story
Vulnerabilities Digest: March 2020
Fixed Plugins and Vulnerabilities PluginVulnerabilityPatched VersionInstalls Cookiebot Reflected Cross-Site Scripting 3.6.1 40000 Data Tables Generator By Supsystic Authenticated Stored XSS…
Read Story
Vulnerabilities Digest: April 2020
Relevant Plugins and Vulnerabilities: PluginVulnerabilityPatched VersionInstalls Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket…
Read Story
Vulnerabilities Digest: May 2020
Relevant Plugins and Vulnerabilities: PluginVulnerabilityPatched VersionInstalls WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL…
Read Story
Unauthenticated Stored Cross Site Scripting in WP Product Review
During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users…
Read Story