Wordfence Research and News

Blog icon
Category: Vulnerabilities

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)

Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week.

Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks

On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)

Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week.

Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin

On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)

Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week.

Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin

On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week.

Introducing Free Wordfence Intelligence WordPress Vulnerability Webhook Notifications!

We’re incredibly excited to announce that we have launched a webhook integration for vulnerabilities as part of Wordfence Intelligence, which enables users to stay on top of the latest vulnerabilities being added to the Wordfence Intelligence WordPress Vulnerability database, all completely for free!

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)

Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week.

Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites

On August 10, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in the Donation Forms by Charitable plugin, which is actively installed on more than 10,000 WordPress websites.