Wordfence Research and News

Category: Vulnerabilities

Unpatched Zero-Day Vulnerability in Social Warfare Plugin Exploited In The Wild

Earlier today, an unnamed security researcher published a full disclosure of a stored Cross-Site Scripting (XSS) vulnerability present in the most recent version of popular WordPress plugin Social Warfare.

Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin

Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP.

XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers

Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce.

Vulnerabilities Patched in WP Cost Estimation Plugin

At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short.

WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin

The Wordfence Threat Intelligence team recently identified multiple critical vulnerabilities in the commercial Total Donations plugin for WordPress.

A Tale of Two Vulnerabilities: Using Commercial Plugins Responsibly

As the most popular CMS on the market, one of the major draws of WordPress is a rich ecosystem of plugins made available by the community.

XSS Injection Campaign Exploits WordPress AMP Plugin

News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites.

Trends Emerging Following Vulnerability In WP GDPR Compliance Plugin

Earlier this week the WP GDPR Compliance plugin was briefly removed from the WordPress.org repository after the discovery of critical security issues impacting its users.

Privilege Escalation Flaw In WP GDPR Compliance Plugin Exploited In The Wild

After its removal from the WordPress plugin repository yesterday, the popular plugin WP GDPR Compliance released version 1.4.3, an update which patched multiple critical vulnerabilities.

PSA: Multiple Vulnerabilities Present In Firefox 61

In an advisory published yesterday, Mozilla disclosed the presence of nine security flaws in Firefox 61 which have been patched in the latest release of the browser.