Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)
Last week, there were 90 vulnerabilities disclosed in 68 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)
Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)
Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)
We’re incredibly excited to announce that we have launched a webhook integration for vulnerabilities as part of Wordfence Intelligence, which enables users to stay on top of the latest vulnerabilities being added to the Wordfence Intelligence WordPress Vulnerability database, all Continue reading Introducing Free Wordfence Intelligence WordPress Vulnerability Webhook Notifications!
Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)
Earlier today, we warned our customers about unfixed vulnerabilities in a WordPress plugin named Posts Like Dislike. We ran across those vulnerabilities as at least one of our customers was using the plugin and the changelog for the latest version Continue reading Wordfence Intelligence (and Possibly WordPress) Mishandled Unfixed Vulnerabilities in WordPress Plugin
Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)
In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of Continue reading Demystifying the WordPress Vulnerability Landscape: 2023 Mid-Year Wordfence Intelligence WordPress Vulnerability Review Leveraging ChatGPT
Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Note: We accidentally sent out an email for this report with last weeks subject line. Due to the subject line not being very different week to week for this report, we opted to just leave it as is and not Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)
“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions can be dangerous. This became evident when the Wordfence Continue reading “Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins
The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 Continue reading Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources. As you Continue reading Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)