Wordfence Research and News

Blog icon
Category: Vulnerabilities
Limit Login Attempts Post Image

Update Now! Severe Vulnerability Impacting 600,000 Sites Patched in Limit Login Attempts

On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed login attempts.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023)

Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to Mar 26, 2023)

Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week.

PSA: Update Now! Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover

This post has been updated with additional information that has become available since its publication The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)

Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week.

Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress Plugins Patched

The Wordfence Threat Intelligence Team recently disclosed several Reflected Cross-Site Scripting vulnerabilities that we discovered in three different plugins – Watu Quiz (installed on 5,000 sites), GN-Publisher (installed on 40,000 sites), and Japanized For WooCommerce (installed on 10,000 sites).

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to Mar 12, 2023)

Last week, there were 60 vulnerabilities disclosed in 40 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 16 Vulnerability Researchers that contributed to WordPress Security last week.
Leading Image - Vulnerability Patched in Cozmolabs Profile Builder Plugin - Information Disclosure Leads to Account Takevoer

Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for site owners.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition.