Lucene search
+L

7 matches found

wordfence
wordfence
•added 2026/05/12 9:19 p.m.•12 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00511EPSS
Exploits1
wordfence
wordfence
•added 2025/06/18 9:1 p.m.•11 views

100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin

🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 21st, 2025, our Wordfence Thre...

8.8CVSS7.7AI score0.00617EPSS
Exploits0
wordfence
wordfence
•added 2025/06/04 5:5 p.m.•20 views

9,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP User Frontend Pro WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 24th, 2025, we received a submission for an Arbitrary File Uplo...

8.8CVSS7.8AI score0.00797EPSS
Exploits1
wordfence
wordfence
•added 2023/07/17 5:27 p.m.•34 views

Massive Targeted Exploit Campaign Against WooCommerce Payments Underway

The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14...

7.5CVSS7.3AI score0.86919EPSS
Exploits9
wordfence
wordfence
•added 2023/03/23 6:19 p.m.•20 views

PSA: Update Now! Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover

This post has been updated with additional information that has become available since its publication The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed. Today, March 23, 2023, we noticed tha...

7.1AI score
Exploits0
wordfence
wordfence
•added 2022/07/13 5:52 p.m.•26 views

PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability

The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...

7.5CVSS9.8AI score0.4214EPSS
Exploits3
wordfence
wordfence
•added 2022/02/10 1:53 p.m.•37 views

Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...

4.3CVSS8.1AI score0.5346EPSS
Exploits3
Rows per page
Query Builder