Wordfence Research and News

Blog icon
Category: WordPress Security

Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 19, 2024 to February 25, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Spring into Action! Earn up to $10,000 with our Extended Bug Bounty Program Extravaganza through Memorial Day!

Spring into action and kick-start your spring cleaning with a tech twist!

$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

$2,063 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?