Wordfence Research and News

Two Vulnerabilities Patched in Facebook for WordPress Plugin

On December 22, 2020, our Threat Intelligence team responsibly disclosed a vulnerability in Facebook for WordPress, formerly known as Official Facebook Pixel, a WordPress plugin installed on over 500,000 sites.

Recently Patched Vulnerability in Thrive Themes Actively Exploited in the Wild

On March 23, 2021, the Wordfence Threat Intelligence Team discovered two recently patched vulnerabilities being actively exploited in Thrive Themes’ “Legacy” Themes and Thrive Themes plugins that were chained together to allow unauthenticated attackers to upload arbitrary files on vulnerable WordPress sites.

Several Vulnerabilities Patched in Tutor LMS Plugin

On December 15, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Tutor LMS, a WordPress plugin installed on over 20,000 sites.

Critical 0-day in The Plus Addons for Elementor Allows Site Takeover

UPDATE 2: As of late March 9th, 2021, the vulnerabilities have been fully patched in version 4.1.7.

Medium Severity Vulnerability Patched in User Profile Picture Plugin

On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in User Profile Picture, a WordPress plugin installed on over 60,000 sites.

One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms

On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites.

Multiple Vulnerabilities Patched in Responsive Menu Plugin

On December 17, 2020, our Threat Intelligence team responsibly disclosed three vulnerabilities in Responsive Menu, a WordPress plugin installed on over 100,000 sites.

Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style

On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites.

Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin

On November 19, 2020, our Threat Intelligence team responsibly disclosed two vulnerabilities in Orbit Fox by ThemeIsle, a WordPress plugin used by over 400,000 sites.

Who Attacked SolarWinds and Why WordPress Users Need to Know

Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team.