Wordfence Research and News

Blog icon

Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database.

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024)

🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus.

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)

🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus.

The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!

After an incredibly successful few weeks, the Wordfence Holiday Bug Extravaganza came to a close yesterday.

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)

🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus.
Wordfence CLI 2.1.0

Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more.

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)

🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! 

Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting

On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins.

Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin

🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza!