Wordfence Research and News

Vulnerability Roundup for Thursday July 28th

This is a roundup of recent vulnerabilities in WordPress plugins that you should be aware of.

Serious Vulnerability in All in One SEO Pack Plugin 2.3.6.1 and earlier

There is a serious stored cross site scripting (XSS) vulnerability in All in One SEO Pack Plugin versions 2.3.6.1 and older.

An Interview with a Wordfence Senior Security Analyst

Colette Chamberland is one of our two Senior Security Analysts who mentor and guide the rest of our team of analysts.

A Big Week for Security: Upgrade Jetpack to 4.0.4, Upgrade WordPress Core to 4.5.3.

It’s been a busy week for WordPress security. Jetpack has released a major security update with version 4.0.4 this week that fixes three vulnerabilities: a vulnerability that allowed an attacker to perform unauthorized changes to the “post by email” settings; a cross site scripting (XSS) vulnerability in the Jetpack ‘Likes’ module; a vulnerability that made submitted ...

8 Reasons Why You Should Choose Wordfence to Clean Your Hacked Site

At Wordfence we know you have a choice between site cleaning vendors.

Vulnerability in WordPress Core: Bypass any password protected post. CVSS Score: 7.5 (High)

The WordPress Core team have just released WordPress version 4.5.3 which is a maintenance and security release.

Wordfence Forensic Team and Site Cleaning Officially Launches

Today we are proud to officially announce the formation of the Wordfence Forensic Team and the launch of our site cleaning services.

Vulnerability fixed in Jetpack 4.0.3. Severity: 6.1 (Medium)

An XSS vulnerability has been fixed in Jetpack version 4.0.3 which was released yesterday.

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6. Severity: 6.1 (Medium)

An hour ago a security researcher, Kacper Szurek, reported a reflected XSS vulnerability in the current version of Wordfence.

Vulnerability in Yoast SEO 3.2.4 for WordPress. Severity 5.3 (Medium)

Update on May 11th: As per Joost’s (Yoast founder) request (see comments below), we have gone ahead and modified the title of this post to reflect the CVSS score of the vulnerability.