7 matches found

Wordfence Blog
added 2024/08/12 2:43 p.m., 45 views

5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

CVSS: 9.8, AI score: 9.4, EPSS: 0.37899, Exploits: 0
Wordfence Blog
added 2024/04/01 3:3 p.m., 24 views

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 21st, 2024, during our second Bug Bounty Extravaganza, ...

CVSS: 6.4, AI score: 6.2, EPSS: 0.00675, Exploits: 0
Wordfence Blog
added 2024/02/28 3:38 p.m., 45 views

$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 6th, 2024, during our second Bug Bounty...

CVSS: 6.5, AI score: 8, EPSS: 0.01161, Exploits: 0
0day.today
added 2023/09/11 12:0 a.m., 317 views

WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection Vulnerabilities

Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00916, Exploits: 4
0day.today
added 2023/02/03 12:0 a.m., 311 views

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...

CVSS: 7.6, AI score: 5.5, EPSS: 0.0065, Exploits: 1
Packet Storm
added 2022/08/31 12:0 a.m., 828 views

WordPress Core Cross Site Scripting / SQL Injection

Description: SQL Injection via Links LIMIT clause Affected Versions: WordPress Core 6.0.2 Researcher: FVD CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Fully Patched Version: 6.0.2 The WordPress Link functionality, previously known as “Bookmarks”, i...

AI score: 0.3, Exploits: 0
Wordfence Blog
added 2022/03/11 4:0 p.m., 72 views

WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects versions 5.9.0 and 5.9.1 and allow...

CVSS: 6.5, AI score: 0.3, EPSS: 0.04186, Exploits: 2