This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Category: Vulnerabilities
Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites.
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6, 2023 to November 12, 2023)
🎉Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus.
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)
🎉Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus.
Wordfence Launches Bug Bounty Program to Fund WordPress Security Research and Showcase Researchers
At Defiant Inc and Wordfence, our mission is to Secure the Web.
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023)
Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week.
Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations.
4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin
On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively installed on more than 4,000,000 WordPress websites, making it the most popular cache plugin.
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)
Last week, there were 103 vulnerabilities disclosed in 85 WordPress Plugins and no WordPress themes, with 7 of those being in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week.
PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited
Update: Wordfence has released a malware detection signature for wp.ph$p to Wordfence Premium, Wordfence Care, Wordfence Response, and the paid tiers of Wordfence CLI as of Monday, October 16, 2023.
WordPress 6.3.2 Security Release – What You Need to Know
WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities.
Breaking WordPress Security Research in your inbox as it happens.
