Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2023 to January 7, 2023)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View…
Read Story
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View…
Read Story
WordPress Vulnerability & Patch Roundup October 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…
Read Story
The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!
After an incredibly successful few weeks, the Wordfence Holiday Bug Extravaganza came to a close yesterday. We’d like to sincerely…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View…
Read Story
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles…
Read Story
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via…
Read Story
Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates…
Read Story