Wordfence Research and News

Blog icon
Category: Research

1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites.

Authentication Bypass Vulnerability Patched in User Registration Plugin

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post Title on background showing scary cloud

AWS Attacks Targeting WordPress Increase 5X

The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network.

WooCommerce Extension – Reflected XSS Vulnerability

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post title on background showing stacked blocks with hand pulling out red block

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites.
Post Title on background showing paper being shredded

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post Title teaser on background showing ripped black and red posterboard

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

1,000,000 Sites Affected by OptinMonster Vulnerabilities

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post title on background showing flames

Site Deletion Vulnerability in Hashthemes Plugin

Update: a previous version of this article incorrectly indicated that this vulnerability could be used for site takeover, we have updated this for accuracy, as the impact is instead complete loss of site content.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.