High-Severity Vulnerabilities Patched in LearnPress
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability…
Read Story
High Severity Vulnerability Patched in Ninja Forms
On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress…
Read Story
Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor…
Read Story
Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update
WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix…
Read Story
One Attacker Outpaces All Others
Starting April 28th, we saw a 30 times increase in cross site scripting attack volume, originating from a single attacker,…
Read Story
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a…
Read Story
Slimstat: Stored XSS from Visitors
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress…
Read Story
Stored XSS in MyBB
The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing…
Read Story
OS Command Injection in WP-Database-Backup
On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the…
Read Story
WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations
The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability…
Read Story