Wordfence Research and News

Category: Research

Vulnerability Patched in Sassy Social Share Plugin

Update: This article has been updated for accuracy. While we initially did create a rule to block this vulnerability, we later found that the vulnerability was already blocked by an existing rule.
Multiple Vulnerabilities in a Page Builder plugin put 90000 sites at risk

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

High Severity Vulnerability Patched in Access Demo Importer Plugin

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons

Today’s post is part two of a two-part blog post.

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

Today’s post is part one of a two-part blog post.

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

On August 3, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000 sites.

Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities

On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites.

Nested Pages Patches Post Deletion Vulnerability

On August 13, 2021, the Wordfence Threat Intelligence team responsibly disclosed two vulnerabilities in Nested Pages, a WordPress plugin installed on over 80,000 sites that provides drag and drop functionality to manage your page structure and post ordering.

Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce

On July 30, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in Booster for WooCommerce, a WordPress plugin installed on over 80,000 sites.

XSS Vulnerability Patched in SEOPress Affects 100,000 sites

On July 29, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites.