XSS Flaw Impacting 100,000 Sites Patched in KingComposer
On June 15, 2020, our Threat Intelligence team was made aware of a number of access control vulnerabilities that had…
Read Story
Critical Vulnerabilities Patched in Adning Advertising Plugin
On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin,…
Read Story
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking…
Read Story
High-Severity Vulnerabilities Patched in LearnPress
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability…
Read Story
High Severity Vulnerability Patched in Ninja Forms
On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress…
Read Story
Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor…
Read Story
Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update
WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix…
Read Story
One Attacker Outpaces All Others
Starting April 28th, we saw a 30 times increase in cross site scripting attack volume, originating from a single attacker,…
Read Story
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a…
Read Story
Slimstat: Stored XSS from Visitors
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress…
Read Story