Wordfence Intelligence Weekly WordPress Vulnerability Report (March 9, 2026 to March 15, 2026)

Last week, there were 116 vulnerabilities disclosed in 78 WordPress Plugins and 19 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 66 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Gaming Clans Become Growth Engine for Playnance Ecosystem

Playnance partners with KGeN, connecting its Web3 gaming ecosystem to 53M gamers and 30K clans through community-driven platforms...

30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin

On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...

GHSA-7RGV-GQHR-FXG3 xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

Efficient Jailbreak Mitigation Using Semantic Linear Classification in a Multi-Staged Pipeline

Prompt injection and jailbreaking attacks pose persistent security challenges to large language model LLM-based systems. We present an efficient and systematically evaluated defense architecture that mitigates these threats through a lightweight, multi-stage pipeline. Its core component is a...

Deepfake Geography: Detecting AI-Generated Satellite Images

The rapid advancement of generative models such as StyleGAN2 and Stable Diffusion poses a growing threat to the authenticity of satellite imagery, which is increasingly vital for reliable analysis and decision-making across scientific and security domains. While deepfake detection has been...

Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer

Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware...

CVE-2025-30011

creationtimestamp| type| source ---|---|--- 2025-05-13 03:12:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lozjaavm7s2w 2025-05-13 05:30:32+00:00| seen| https://t.me/cvedetector/25157...

X-Teaming: Multi-Turn Jailbreaks and Defenses with Adaptive Multi-Agents

Multi-turn interactions with language models LMs pose critical safety risks, as harmful intent can be strategically spread across exchanges. Yet, the vast majority of prior work has focused on single-turn safety, while adaptability and diversity remain among the key challenges of multi-turn...

CVE-2022-30153

creationtimestamp| type| source ---|---|--- 2022-06-16 02:26:58+00:00| seen| https://t.me/cibsecurity/44592...