Wordfence Research and News

Category: WordPress Security

An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack

On Monday, June 24th, 2024, the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see the post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins).

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors?

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository.

WordPress 6.5.5 Security Release – What You Need to Know


Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday, June 24th, 2024, the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024, based on a forum post by the WordPress.org Plugin Review team.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)


Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)


Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!

Update: As of July 12, 2024, we decided to make the vulnerabilities that were in-scope for the 0-day Threat Hunt indefinitely in-scope of our program.

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)


40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

On May 17th, 2024, we received a submission for an Arbitrary Options Update vulnerability in Login/Signup Popup, a WordPress plugin with more than 40,000 active installations.