WordPress Security – Page 2

$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

Posted on 9 April 2024 by

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February Continue reading $937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin→

$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin

Posted on 5 April 2024 by

On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such Continue reading $657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin→

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Posted on 4 April 2024 by

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)→

Announcing WPBeginner Pro Services: Custom WordPress Site Design, Maintenance & More at Affordable Prices

Posted on 4 April 2024 by

Have you ever built a WordPress site on your own, only to find it lacks a professional touch? Ever wished there was a way to hire real WordPress experts for custom WordPress tasks without breaking the bank? If you’re like Continue reading Announcing WPBeginner Pro Services: Custom WordPress Site Design, Maintenance & More at Affordable Prices→

WordPress Vulnerability Report — April 3, 2024

Posted on 3 April 2024 by

In this report, 255 vulnerabilities have been publicly disclosed. Security patches for 178 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — April 3, 2024→

Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS

Posted on 2 April 2024 by

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in ecommerce as well, thanks to the adoption of Woocommerce and other plugins Continue reading Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS→

$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin

Posted on 2 April 2024 by

On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive Continue reading $5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin→

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded

Posted on 1 April 2024 by

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 21st, Continue reading Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded→

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)

Posted on 28 March 2024 by

WordPress Vulnerability Report — March 27, 2024

Posted on 27 March 2024 by

In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 190 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — March 27, 2024→

WordPress Vulnerability & Patch Roundup March 2024

Posted on 25 March 2024 by

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve Continue reading WordPress Vulnerability & Patch Roundup March 2024→

Solid Security Improves Users’ Ability to Protect Sites from Malicious Activities

Posted on 22 March 2024 by

NEW update to Solid Security – Basic 9.3.2 and Pro 8.4.1 This release takes a much more forceful approach to helping users understand and avoid insecure configurations of the IP detection method used by Solid Security to protect sites from Continue reading Solid Security Improves Users’ Ability to Protect Sites from Malicious Activities→

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

Posted on 21 March 2024 by

Sign1 Malware: Analysis, Campaign History & Indicators of Compromise

Posted on 20 March 2024 by

A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss with the website it was difficult to reproduce the issue. However, by inspecting our server Continue reading Sign1 Malware: Analysis, Campaign History & Indicators of Compromise→

WordPress Vulnerability Report — March 20, 2024

Posted on 20 March 2024 by

In this report, 201 vulnerabilities have been publicly disclosed. Security patches for 185 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — March 20, 2024→

$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

Posted on 20 March 2024 by

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February Continue reading $601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin→

SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin

Posted on 19 March 2024 by

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, Continue reading SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin→

Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin

Posted on 18 March 2024 by

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February Continue reading Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin→

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

Posted on 15 March 2024 by

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! In just a Continue reading Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!→

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

Posted on 14 March 2024 by

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February Continue reading $1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin→