This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Category: Vulnerabilities
A Challenging Exploit: The Contact Form 7 File Upload Vulnerability
Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower.
Reflected XSS in PageLayer Plugin Affects Over 200,000 WordPress Sites
On November 4, 2020, the Wordfence Threat Intelligence team found two reflected Cross-Site Scripting (XSS) vulnerabilities in PageLayer, a WordPress plugin installed on over 200,000 sites.
Large-Scale Attacks Target Epsilon Framework Themes
On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites.
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin
On October 23, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites.
Object Injection Vulnerability in Welcart e-Commerce Plugin
On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan.
High Severity Vulnerability Patched in Child Theme Creator by Orbisius
On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites.
Vulnerability Exposes Over 4 Million Sites Using WPBakery
On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites.
High Severity Vulnerabilities in Post Grid and Team Showcase Plugins
On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with over 60,000 installations.
Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin
On August 14, our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites.
High-Severity Vulnerabilities Patched in Discount Rules for WooCommerce
On August 20, 2020, the Wordfence Threat Intelligence team was made aware of several vulnerabilities that had been patched in Discount Rules for WooCommerce, a WordPress plugin installed on over 40,000 sites.
Breaking WordPress Security Research in your inbox as it happens.
