Wordfence Research and News

Category: WordPress Security

Wordfence Announces Password Auditing

Today we are very excited to announce a new feature in Wordfence: Password Auditing.

WordPress Security: Hacked Images, Themes, Redirects and A Gem In The Sand

Editor’s note: This is a guest blog post by Jim Walker, who runs HackRepair and has been cleaning hacked websites for well over a decade.

WooCommerce SQL injection vulnerability

Yesterday Matt Barry, one of our researchers at Wordfence, discovered a SQL injection vulnerability in WooCommerce version 2.3.5 and older during a code audit of the plugin repository.

Vulnerability in WordPress SEO by Yoast – Upgrade Immediately

A vulnerability has been discovered in WordPress SEO by Yoast. A fix was released yesterday and so was a ton of press coverage – everything from SearchEngineLand to TheHackerNews to Graham Cluley’s website to SERoundTable to ComputerWorld.

Zero Day SQL Injection Vulnerability in WordPress Video Gallery

Update 2 on Feb 24th: A new version of this plugin has been released.

The Forbes Hack and How Your Visitors are Targets Too

I spent a few days last week in Washington DC chatting to new and old friends in aerospace, many well known cybersecurity vendors and folks in the intelligence community.

Vulnerability in FancyBox Plugin for WordPress – Update immediately

A serious vulnerability has been discovered in the FancyBox plugin for WordPress.

Wordfence 2015 Update and Three Plugin Vulnerabilities You Should Know About

2015 is going to be an exciting year for WordPress publishers.

WordPress Security: Multiple Vulnerabilities in InfiniteWP Admin Panel. Upgrade immediately.

About an hour ago, researcher Walter Hop from Slik BV in the Netherlands disclosed multiple serious vulnerabilities in the InfiniteWP Admin Panel on the Full Disclosure and Bugtraq mailing lists.

WordPress Security: Serious Vulnerability in WordPress Download Manager

There is a serious vulnerability in the WordPress Download Manager plugin that allows a remote attacker to upload malicious scripts to your website, gain administrative access and modify passwords.