Wordfence Research and News

Category: WordPress Security

Vulnerability in EWWW Image Optimizer plugin. Severity 9.6 (Critical)

We disclosed a critical remote code execution vulnerability in the EWWW Image Optimizer plugin to the author yesterday morning.

Wordfence Forensic Team and Site Cleaning Officially Launches

Today we are proud to officially announce the formation of the Wordfence Forensic Team and the launch of our site cleaning services.

Vulnerability fixed in Jetpack 4.0.3. Severity: 6.1 (Medium)

An XSS vulnerability has been fixed in Jetpack version 4.0.3 which was released yesterday.

3 Plugin Vulnerabilities Disclosed Yesterday

We disclosed three plugin vulnerabilities yesterday that we’d like to bring to your attention.

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6. Severity: 6.1 (Medium)

An hour ago a security researcher, Kacper Szurek, reported a reflected XSS vulnerability in the current version of Wordfence.

Vulnerability in Yoast SEO 3.2.4 for WordPress. Severity 5.3 (Medium)

Update on May 11th: As per Joost’s (Yoast founder) request (see comments below), we have gone ahead and modified the title of this post to reflect the CVSS score of the vulnerability.

Ninja Forms Shell Upload Vulnerability – Very High Risk

A few times a year we see very bad vulnerabilities come along.

What Hackers Do With Compromised WordPress Sites

We often talk to site owners who are surprised that their sites are targeted by attackers.

Announcing a new Firewall, a Threat Defense Feed and a New Approach

This morning at 9am Pacific time we rolled out a new kind of firewall to over 1 Million active WordPress websites.

Panama Papers: Email Hackable via WordPress, Docs Hackable via Drupal

The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails.