CVE-2022-3144

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

Wordfence WooCommerce 2FA: Set Up This New Feature To Protect Your Customers

On February 15, we made the exciting announcement that the latest release of Wordfence, version 7.9.0, includes a new feature: WooCommerce 2FA two-factor authentication for customer level users. What does this mean for you as an e-commerce store operator? And how can you start using this feature?...

CVE-2022-3144

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

CVE-2022-3144

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

PT-2022-20738 · WordPress · Wordfence Security – Firewall & Malware Scan

Name of the Vulnerable Software and Affected Versions: Wordfence Security – Firewall & Malware Scan plugin for WordPress versions up to and including 7.6.0 Description: The issue allows authenticated users with administrative privileges to inject malicious web scripts into a setting on the option...

Wordpress plugin wordfence local file leak vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A local file disclosure vulnerability exists in Wordpress plugin wordfence. An attacker can exploit the vulnerability to obta...

WordPress Plugin Wordfence.7.4.5 - Local File Disclosure

Tile: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure Author: mehran feizi Category: webapps Date: 2020-02-12 vendor home page: https://wordpress.org/plugins/wordfence/ ============================================================================== Vulnerable Source: 5662: readfile...

WordPress Wordfence 7.4.5 Local File Disclosure

Tile: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure - Author: mehran feizi - Category: webapps - Date: 2020.02.12 - vendor home page: https://wordpress.org/plugins/wordfence/ ============================================================================== Vulnerable Source: 5662:...

CVE-2019-9669

The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of...

CVE-2019-9669

The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of...

PT-2019-19788 · Wordfence · Wordfence

Name of the Vulnerable Software and Affected Versions: Wordfence plugin version 7.2.3 Description: The issue concerns a potential XSS attack vector in the Wordfence plugin for WordPress. However, it has been noted that this may not be considered a valid vulnerability within the context of the...

Wordpress plugin Wordfence 403.php page cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress plugin Wordfence 403.php page, which can be exploited by an...

Wordpress plugin Wordfence 503.php page cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress plugin Wordfence 503.php page, which can be exploited by an...

Wordpress plugin Wordfence username bypass vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A username bypass vulnerability exists in Wordpress plugin Wordfence, which can be exploited by an attacker to obtain usernam...

WordPress Wordfence Plugin <= 5.2.3 - Bypass

This plugin is prone to banned IP functionality bypass vulnerability. Unlogged requests won't trigger automatic throttling and banning. Solution Update plugin...

WordPress Wordfence Plugin <= 3.8.6 - Stored XSS

This plugin is prone to lib/IPTraf.php User-Agent header stored cross site scripting vulnerability. Solution Update plugin...