Wordfence Research and News

Blog icon
Category: Vulnerabilities

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)

Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week.

WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin

On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week.

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)

Note: We accidentally sent out an email for this report with last weeks subject line.

“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins

“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers.
featured image: hacker in a hoodie looking at a red world screen

Massive Targeted Exploit Campaign Against WooCommerce Payments Underway

The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)

Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week.

Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin

On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites.

Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!

Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)

Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.