Wordfence Research and News

Blog icon
Category: WordPress Security
WP Lead Plus X Plugin Vulnerabilities

Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin

On March 3, 2020, our Threat intelligence team discovered a number of vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites.
High Severity Vulnerability Leads to Closure of Plugin with Over 100,000 Installations

High Severity Vulnerability Leads to Closure of Plugin with Over 100,000 Installations

On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites.
Critical Vulnerabilities Affecting Over 200,000 Sites Patched in Rank Math SEO Plugin

Critical Vulnerabilities Affecting Over 200,000 Sites Patched in Rank Math SEO Plugin

On March 23, 2020, our Threat Intelligence team discovered 2 vulnerabilities in WordPress SEO Plugin – Rank Math, a WordPress plugin with over 200,000 installations.
Vulnerabilities Patched in IMPress for IDX Broker

Vulnerabilities Patched in IMPress for IDX Broker

On February 28, 2020, the Wordfence Threat Intelligence team became aware of a newly patched stored Cross-Site Scripting (XSS) vulnerability in IMPress for IDX Broker, a WordPress plugin with over 10,000 installations.

Vulnerabilities Patched in the Data Tables Generator by Supsystic Plugin

A few weeks ago, we disclosed several flaws that were patched in the Pricing Table by Supsystic plugin.

Severe Flaws Patched in Responsive Ready Sites Importer Plugin

On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites.
Popup Builder Vulnerabilities

Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites

On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites.
Multiple Vulnerabilities Patched in RegistrationMagic Plugin

Zero-Day Vulnerability in ThemeREX Addons Now Patched

On February 18th, we were alerted to a vulnerability present in ThemeREX Addons, a WordPress plugin installed on approximately 44,000 sites.

Active Attack on Zero Day in Custom Searchable Data Entry System Plugin

The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Custom Searchable Data Entry System plugin for WordPress.
Multiple Vulnerabilities Patched in RegistrationMagic Plugin

Multiple Vulnerabilities Patched in RegistrationMagic Plugin

On February 24th, our Threat Intelligence team discovered several critical vulnerabilities in RegistrationMagic, a WordPress plugin installed on over 10,000 sites, including the vendor’s own site.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.