Lucene search
K

11 matches found

Wordfence Blog
Wordfence Blog
added 2026/06/04 9:5 p.m.45 views

Quarterly WordPress Threat Intelligence Report – Q1 2026

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

5.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/10/20 4:41 p.m.9 views

Malware Using Variable Functions and Cookies For Obfuscation

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/07/12 1:7 p.m.34 views

Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin

On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it...

6.5CVSS7.6AI score0.01454EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2023/07/06 4:37 p.m.19 views

Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!

Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/04/12 1:54 p.m.31 views

Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin

On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves...

8.6AI score0.02726EPSS
Exploits3
0day.today
0day.today
added 2023/02/03 12:0 a.m.311 views

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...

7.6CVSS5.5AI score0.0065EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2022/10/19 4:1 p.m.366 views

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the...

8.6AI score0.99964EPSS
Exploits16
0day.today
0day.today
added 2022/03/15 12:0 a.m.1064 views

WordPress Core 5.9.0 / 5.9.1 Cross Site Scripting Vulnerability

Contributor+ Stored Cross Site Scripting Vulnerability Description: Contributor+ Stored XSS Affected Versions: WordPress Core 5.9.0-5.9.1 CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Fully Patched Version: 5.9.2 Researcher/s: Ben Bidner WordPress...

8.8CVSS8.8AI score0.04186EPSS
Exploits2
0day.today
0day.today
added 2022/01/19 12:0 a.m.334 views

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

8.3CVSS6.4AI score0.70511EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2022/01/09 12:37 a.m.165 views

WordPress 5.8.3 Security Release

On January 6, 2022, the WordPress core team released WordPress version 5.8.3, which contains security patches for 4 high-severity vulnerabilities. These patches were backported to every version of WordPress since 3.7. WordPress has supported automatic core updates for security releases since...

6.5CVSS0.3AI score0.97795EPSS
Exploits15
Patchstack
Patchstack
added 2021/02/04 12:0 a.m.8 views

WordPress Contact Form 7 Style plugin <= 3.1.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS vulnerability found by Wordfence Threat Intelligence team in WordPress Contact Form 7 Style plugin versions = 3.1.9. Solution 2021-02-05 - We were unable to find a fixed version of this plugin. WordPress.org notice: "This...

1.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder