On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed login attempts.
Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week.
Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week.
This post has been updated with additional information that has become available since its publication The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed.
Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week.
The Wordfence Threat Intelligence Team recently disclosed several Reflected Cross-Site Scripting vulnerabilities that we discovered in three different plugins – Watu Quiz (installed on 5,000 sites), GN-Publisher (installed on 40,000 sites), and Japanized For WooCommerce (installed on 10,000 sites).
Last week, there were 60 vulnerabilities disclosed in 40 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 16 Vulnerability Researchers that contributed to WordPress Security last week.
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition.
Breaking WordPress Security Research in your inbox as it happens.
This site uses cookies in accordance with our Privacy Policy.
Cookie Options
For additional information on how this site uses cookies, please review our Privacy Policy. The cookies used by this site are classified into the following categories and can be configured below.
Strictly Necessary
These Cookies are necessary for the Sites and Services to work properly. They include any essential authentication and authorization cookies for the Services.
* Cookies of this category are necessary for the site to function and cannot be disabled.
Performance/Analytical
These Cookies allow us to collect certain information about how you navigate the Sites or utilize the Services running on your device. They help us understand which areas you use and what we can do to improve them.
Targeting
These Cookies are used to deliver relevant information related to the Services to an identified machine or other device (not a named or otherwise identifiable person) which has previously been used to visit our Sites. Some of these types of Cookies on our Sites are operated by third parties with our permission and are used to identify advertising sources that are effectively driving customers to our Sites.