Wordfence Research and News

Category: WordPress Security

Multiple Vulnerabilities Patched in Responsive Menu Plugin

On December 17, 2020, our Threat Intelligence team responsibly disclosed three vulnerabilities in Responsive Menu, a WordPress plugin installed on over 100,000 sites.

Severe Vulnerabilities Patched in NextGen Gallery Affect over 800,000 WordPress Sites

On December 14, 2020, the Wordfence Threat Intelligence team finished researching two Cross-Site Request Forgery (CSRF) vulnerabilities in NextGen Gallery, a WordPress plugin with over 800,000 installations, including a critical severity vulnerability that could lead to Remote Code Execution (RCE) and Stored Cross-Site Scripting (XSS).

Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style

On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites.

Machine Learning Gives Wordfence an Advantage

Wordfence is the leader in WordPress security, protecting over 4 million WordPress sites from malicious attacks.

The Wordfence 2020 WordPress Threat Report

Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples gathered by our Site Cleaning team.

Uncovering Potential Issues with the Contact Form 7 Vulnerability: More Data Needed

Update: The Proof of Concept posted on exploit-db has been removed since the publication of this article.

Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin

On November 19, 2020, our Threat Intelligence team responsibly disclosed two vulnerabilities in Orbit Fox by ThemeIsle, a WordPress plugin used by over 400,000 sites.

Who Attacked SolarWinds and Why WordPress Users Need to Know

Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team.

SolarWinds and Supply Chain Attacks: Could it happen to WordPress?

The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations.

A Challenging Exploit: The Contact Form 7 File Upload Vulnerability

Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower.