Wordfence Research and News

Category: Vulnerabilities

3 Vulnerabilities in WP Maintenance Mode plugin 2.0.6 and older

This morning an update to the WP Maintenance Mode plugin, version 2.0.7, was released which included fixes for 3 security vulnerabilities.

A Big Week for Security: Upgrade Jetpack to 4.0.4, Upgrade WordPress Core to 4.5.3.

It’s been a busy week for WordPress security. Jetpack has released a major security update with version 4.0.4 this week that fixes three vulnerabilities: a vulnerability that allowed an attacker to perform unauthorized changes to the “post by email” settings; a cross-site scripting (XSS) vulnerability in the Jetpack ‘Likes’ module; a vulnerability that made submitted ...

Vulnerability in WordPress Core: Bypass any password protected post. CVSS Score: 7.5 (High)

The WordPress Core team have just released WordPress version 4.5.3 which is a maintenance and security release.

Vulnerability in EWWW Image Optimizer plugin. Severity 9.6 (Critical)

We disclosed a critical remote code execution vulnerability in the EWWW Image Optimizer plugin to the author yesterday morning.

Vulnerability fixed in Jetpack 4.0.3. Severity: 6.1 (Medium)

An XSS vulnerability has been fixed in Jetpack version 4.0.3 which was released yesterday.

3 Plugin Vulnerabilities Disclosed Yesterday

We disclosed three plugin vulnerabilities yesterday that we’d like to bring to your attention.

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6. Severity: 6.1 (Medium)

An hour ago a security researcher, Kacper Szurek, reported a reflected XSS vulnerability in the current version of Wordfence.

Vulnerability in Yoast SEO 3.2.4 for WordPress. Severity 5.3 (Medium)

Update on May 11th: As per Joost’s (Yoast founder) request (see comments below), we have gone ahead and modified the title of this post to reflect the CVSS score of the vulnerability.

Ninja Forms Shell Upload Vulnerability – Very High Risk

A few times a year we see very bad vulnerabilities come along.