Vulnerabilities Archives - Page 17 of 42

PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited

Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the Wordfence Intelligence Vulnerability Database has the most up to date and accurate information.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)

Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week.

miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin

On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, which is actively installed on more than 30,000 WordPress websites.

Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin

On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites according to our estimates.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)

Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25 Vulnerability Researchers that contributed to WordPress Security last week.

StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin

On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites.

Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin

On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)

Last week, there were 45 vulnerabilities disclosed in 30 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 17 Vulnerability Researchers that contributed to WordPress Security last week.

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)

Last week, there were 116 vulnerabilities disclosed in 88 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 35 Vulnerability Researchers that contributed to WordPress Security last week.

Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities

Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in WordPress plugins so we can help developers patch these vulnerabilities before threat actors ...

Wordfence Research and News