Wordfence Research and News

Blog icon

WooCommerce Extension – Reflected XSS Vulnerability

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

1,000,000 Sites Affected by OptinMonster Vulnerabilities

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

Vulnerability Patched in Sassy Social Share Plugin

Update: This article has been updated for accuracy: while we initially did create a rule to block this vulnerability we later found that the vulnerability was already blocked by an existing rule. 

High Severity Vulnerability Patched in Access Demo Importer Plugin

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000 sites.

Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce

On July 30, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in Booster for WooCommerce, a WordPress plugin installed on over 80,000 sites.

XSS Vulnerability Patched in SEOPress Affects 100,000 sites

On July 29, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites.

2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan

Wordfence has collaborated with WPScan to conduct a 2021 mid-year review on the state of WordPress security.

You’ve Found a Vulnerability! Now What? A Guide to Responsible Disclosure.

Information security researchers make a valuable contribution to our online security by finding vulnerabilities and facilitating getting them fixed.

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites.