Wordfence Research and News

Blog icon
Category: WordPress Security

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites.

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin

On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites.

Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers

The Wordfence site cleaning team helps numerous customers recover from malware infections and site intrusions.
Featured Image: Title on background showing a mouse pointer clicking a URL bar

Cross-Site Request Forgery Patched in WP Fluent Forms

On March 2, 2021, the Wordfence Threat Intelligence team responsibly disclosed a Cross-Site Request Forgery(CSRF) vulnerability in WP Fluent Forms, a WordPress plugin installed on over 80,000 sites.

High Severity Vulnerability Patched in WooCommerce Stock Manager Plugin

On May 21, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in WooCommerce Stock Manager, a WordPress plugin installed on over 30,000 sites.
Featured image - Header text on background of padlock images on a screen

Malicious Attack Campaign Targeting Jetpack Users Reusing Passwords

The Wordfence Threat Intelligence and Site Cleaning teams have been tracking a malware campaign that redirects all site visitors to malvertising domains, while attempting to keep site administrators unaware of the infection.

Wordfence is now a CVE Numbering Authority (CNA)

Today, we are excited to announce that Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority.
Critical 0-day in Fancy Product Designer Under Active Attack Featerud Image (Text on rippled background)

Critical 0-day in Fancy Product Designer Under Active Attack

Update: A patched version of Fancy Product Designer, 4.6.9, is now available as of June 2, 2021.

Severe Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin

On April 8, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities discovered in Simple 301 Redirects by BetterLinks, a WordPress plugin installed on over 300,000 sites.
Featured image with text Over 600000 Sites Impacted by WP Statistics Patch

Over 600,000 Sites Impacted by WP Statistics Patch

On March 13, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a vulnerability in WP Statistics, a plugin installed on over 600,000 WordPress sites.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.