Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)
In this report, 70 vulnerabilities have been publicly disclosed. Security patches for 57 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — March 13, 2024
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March Continue reading Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded
On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to Continue reading Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve Continue reading New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
window[“a50e9594_6e2b_4554_b43f_45326e2514b2”] = {“blockId”:”a50e9594-6e2b-4554-b43f-45326e2514b2″,”className”:””,”isOpen”:true}; ShareTweetSharePostSharePin It!
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — March 6, 2024
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version Continue reading From Web3 Drainer to Distributed WordPress Brute Force Attack
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at Continue reading New Wave of SocGholish Infections Impersonates WordPress Plugins
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (February 19, 2024 to February 25, 2024)
In this report, 73 vulnerabilities have been publicly disclosed. Security patches for 48 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — February 28, 2024
Spring into action and kick-start your spring cleaning with a tech twist! We’re excited to announce the extension of our Bug Bounty Extravaganza through Memorial Day, May 27th, 2024. Now, you have a golden opportunity to earn up to $10,000 Continue reading Spring into Action! Earn up to $10,000 with our Extended Bug Bounty Program Extravaganza through Memorial Day!
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February Continue reading $2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On January Continue reading $2,063 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 14th, Continue reading $1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin
In this report, 96 vulnerabilities have been publicly disclosed. Security patches for 76 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool Continue reading WordPress Vulnerability Report — February 21, 2024
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February Continue reading SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)