Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, Continue reading Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were 109 vulnerabilities disclosed in Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject Continue reading Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register Continue reading Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing Continue reading PSA: High Severity File Upload Vulnerability in Elementor Patched
Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described Continue reading Vulnerability Researchers: Check out The Critical Thinking Podcast
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary Continue reading PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! On Continue reading Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an Continue reading PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some Continue reading Earn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in the Wordfence Holiday Bug Extravaganza!
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care, Continue reading Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Please note there was a minor error in the heading of the email, and this Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6, 2023 to November 12, 2023)
I’ve always created growth by focusing on free. It started back in 2003 when I launched WorkZoo in London. WorkZoo was a job search engine that ended up being one of Time Magazine’s top 50 websites of 2005. These days Continue reading Fostering Innovation in Web Security
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 79 vulnerabilities disclosed in 64 WordPress Plugins and no WordPress themes Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)
At Defiant Inc and Wordfence, our mission is to Secure the Web. A critical component of creating and maintaining a secure online community is the research that reveals vulnerabilities in software. Without this research, only malicious hackers would find vulnerabilities, Continue reading Wordfence Launches Bug Bounty Program to Fund WordPress Security Research and Showcase Researchers
Last week, there were 109 vulnerabilities disclosed in 102 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23, 2023 to October 29, 2023)