This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Category: WordPress Security
Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin
On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites.
Critical Authentication Bypass Vulnerability in InfiniteWP Client Plugin
Description: Authentication Bypass Affected Plugin: InfiniteWP Client Affected Versions: < 1.9.4.5 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.9.4.5 A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier.
Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin
A few weeks ago, our threat intelligence team discovered several vulnerabilities present in Minimal Coming Soon & Maintenance Mode – Coming Soon Page, a WordPress plugin installed on over 80,000 websites.
Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager
Description: Authenticated Arbitrary Redirect Injection and Modification Affected Plugin: 301 Redirects – Easy Redirect Manager CVSS Score: 9.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE ID: CVE-2019-19915 Affected Versions: <= 2.40 Patched Version: 2.45 On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in 301 Redirects – Easy Redirect Manager, a WordPress plugin installed on ...
WP-VCD Evolves To Remain Most Prevalent WordPress Infection
Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory.
High Severity Vulnerability Patched in WP Maintenance Plugin
Description: Cross-Site Request Forgery to Stored Cross-Site Scripting CVE ID: CVE-2019-19979 CVSS v3.0 Score: 8.8 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H Affected Plugin: WP Maintenance Plugin Slug: wp-maintenance Affected Versions: <= 5.0.5 Patched Version: 5.0.6 On November 15th, 2019, our Threat Intelligence team identified a vulnerability present in WP Maintenance, a WordPress plugin with approximately 30,000+ active installs.
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin
A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs.
WP-VCD: The Malware You Installed On Your Own Site
One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD.
Stored XSS Patched in SyntaxHighlighter Evolved Plugin
Description: Stored XSS CVSS Severity Score: 6.1 (Medium) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Software: SyntaxHighlighter Evolved Plugin Slug: syntaxhighlighter Affected Version: 3.5.0 Patched Version: 3.5.1 While doing a security audit of the plugins and themes we run on wordfence.com, I discovered a stored XSS vulnerability in SyntaxHighlighter Evolved.
Open Redirect Vulnerability Patched In Bridge Theme
Description: Open Redirect CVSS v3.0 Score: 7.1 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter Feed Plugin Slugs: qode-instagram-widget, qode-twitter-feed Affected Versions: Bridge Theme: 18.2 / Plugins: 2.0 (Twitter plugin) 2.0.1 (Instagram plugin) Patched Version: Bridge Theme: 18.2.1 / Plugins: 2.0.1 (Twitter ...
Breaking WordPress Security Research in your inbox as it happens.
