Lucene search
K
WordfenceMost viewed

522 matches found

Wordfence Blog
Wordfence Blog
added 2023/10/12 9:58 p.m.48 views

WordPress 6.3.2 Security Release – What You Need to Know

WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While all of the vulnerabilities are of Medium severity, several of them are impactful enough to potentially allow site takeove...

8.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/03/03 6:13 p.m.47 views

Enhancing the Wordfence Bug Bounty Program: New Incentives & a Stronger Focus on High-Impact Research

Last year was a year of growth and refinement for the Wordfence Threat Intelligence team. In December of 2023, we launched our Bug Bounty Program, rewarding security researchers for identifying and reporting in-scope vulnerabilities to further our mission of Securing the Web while contributing to...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/08/12 2:43 p.m.47 views

5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

9.8CVSS9.4AI score0.37899EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/02/22 2:1 p.m.47 views

Reflected XSS in Header Footer Code Manager

On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the fu...

4.3CVSS6.1AI score0.02379EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2024/04/10 5:2 p.m.46 views

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core

WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a page...

6.4CVSS5.8AI score0.70822EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2024/02/28 3:38 p.m.45 views

$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 6th, 2024, during our second Bug Bounty...

6.5CVSS8AI score0.01161EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/04/19 6:21 p.m.45 views

Blubrry Addresses Authenticated Stored XSS Vulnerability in PowerPress WordPress Plugin

On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat...

8.9AI score0.00529EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2022/02/24 4:4 p.m.45 views

Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin

On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to injec...

3.5CVSS5.3AI score0.04336EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2024/08/01 2:18 p.m.44 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 22, 2024 to July 28, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...

9.8CVSS8.7AI score0.04826EPSS
Exploits6
Wordfence Blog
Wordfence Blog
added 2023/11/21 7:26 p.m.44 views

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care...

7.5CVSS9.3AI score0.06801EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2025/03/13 2:48 p.m.43 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

5.1CVSS9.7AI score0.31127EPSS
Exploits16
Wordfence Blog
Wordfence Blog
added 2024/01/30 4:7 p.m.43 views

$1,275 Bounty Awarded For Arbitrary File Deletion Vulnerability Patched in MW WP Form WordPress Plugin

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On December 5th, 2023, shortly after the launch of our Holiday...

7.5CVSS7.9AI score0.01313EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/08/01 2:50 p.m.43 views

WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin

On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites. This...

7.6AI score0.00966EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2021/11/17 3:4 p.m.43 views

WooCommerce Extension – Reflected XSS Vulnerability

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Preview E-mail...

4.3CVSS6.1AI score0.01131EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2024/02/29 5:9 p.m.42 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 19, 2024 to February 25, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 83 vulnerabilities disclosed in 57 WordPress...

7.5CVSS9.6AI score0.89431EPSS
Exploits25
Wordfence Blog
Wordfence Blog
added 2024/01/10 4:1 p.m.42 views

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actor...

7.5CVSS7.3AI score0.90339EPSS
Exploits7
Wordfence Blog
Wordfence Blog
added 2023/05/17 4:33 p.m.42 views

PSA: Attackers Actively Exploiting Critical Vulnerability in Essential Addons for Elementor

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level...

7.5CVSS6.6AI score0.75531EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2023/02/06 4:20 p.m.42 views

High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The...

6.9AI score0.28565EPSS
Exploits5
Wordfence Blog
Wordfence Blog
added 2022/05/16 8:7 p.m.42 views

Millions of Attacks Target Tatsu Builder Plugin

The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable...

6.8CVSS0.6AI score0.83535EPSS
Exploits9
Wordfence Blog
Wordfence Blog
added 2021/08/24 4:5 p.m.42 views

Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce

On July 30, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in Booster for WooCommerce, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for an attacker to log in as any user, as long as...

7.5CVSS9.8AI score0.50869EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2024/03/14 7:1 p.m.41 views

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 26th, 2024, during our second Bug Bounty Extravaganza...

7.3AI score0.00891EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/10/06 4:43 p.m.41 views

High Severity Vulnerability Patched in Access Demo Importer Plugin

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 9, 2021, the Wordfence Threat Intelligence team attempted to initiate the responsible disclosure process for a vulnerability that we discovered in...

6.5CVSS8.9AI score0.01652EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2021/07/16 5:17 p.m.41 views

Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a...

8.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/04/02 5:20 p.m.40 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)

Last week, there were 122 vulnerabilities disclosed in 90 WordPress Plugins and 22 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/07/30 6:22 p.m.40 views

Empowering WordPress Bug Bounty Hunters: Meet the New Wordfence Bug Bounty Program Researcher Dashboard

Today, we are very excited to announce the launch of our brand-new researcher dashboard for the Wordfence Bug Bounty Program! One frequent request we received from our researchers was to have a way to manage and track all their vulnerability submissions in a single location, and we’re delivering...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/03/18 3:1 p.m.40 views

Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 24th, 2024, during our second Bug Bounty Extravaganza...

5.5CVSS4.9AI score0.00593EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/08/09 6:4 p.m.40 views

weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin

On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible...

6.5CVSS6.9AI score0.00689EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2021/08/25 3:39 p.m.40 views

Nested Pages Patches Post Deletion Vulnerability

On August 13, 2021, the Wordfence Threat Intelligence team responsibly disclosed two vulnerabilities in Nested Pages, a WordPress plugin installed on over 80,000 sites that provides drag and drop functionality to manage your page structure and post ordering. These vulnerabilities included a...

5.8CVSS0.5AI score0.00826EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2024/12/05 3:44 p.m.39 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024)

Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

9.9CVSS9.9AI score0.43797EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2024/11/27 2:10 p.m.39 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 18, 2024 to November 24, 2024)

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

10CVSS9.8AI score0.82589EPSS
Exploits16
Wordfence Blog
Wordfence Blog
added 2024/09/26 2:56 p.m.39 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearchers...

9.8CVSS8.9AI score0.02991EPSS
Exploits12
Wordfence Blog
Wordfence Blog
added 2024/02/23 4:1 p.m.39 views

$2,063 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On January 30th, 2024, shortly after the launch of our secon...

7.5CVSS8.7AI score0.89431EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2023/06/29 8:43 p.m.39 views

PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited

Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the...

7.5CVSS7.4AI score0.72306EPSS
Exploits12
Wordfence Blog
Wordfence Blog
added 2022/09/23 2:0 p.m.39 views

Cross-Site Scripting: The Real WordPress Supervillain

Vulnerabilities are a fact of life for anyone managing a website, even when using a well-established content management system like WordPress. Not all vulnerabilities are equal, with some allowing access to sensitive data that would normally be hidden from public view, while others could allow a...

3.5CVSS5.9AI score0.00886EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2022/09/13 3:50 p.m.39 views

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild

On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Respons...

9.4AI score0.08841EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2024/08/21 2:11 p.m.38 views

Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

9.8CVSS6.5AI score0.68266EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2024/01/23 6:7 p.m.38 views

Our Bug Bounty Program Extravaganza is Back and it’s Longer This Time – Earn up to $10,000 for Vulnerabilities in WordPress Software!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Our last extravaganza, the Holiday Bug Extravaganza, was so successful we decided to do it again to kick off the New Year right. Introducing our New Year B...

9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/02/01 4:7 p.m.38 views

Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference,...

0.3AI score0.0065EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2022/11/29 5:22 p.m.38 views

Configuration Probing: Your Backups Might Be Your Greatest Weakness

Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance of code that depended on a database connection could potentially require the connection details to be hard coded or manually entered. Other reusable data woul...

6.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/12/08 3:5 p.m.38 views

Authentication Bypass Vulnerability Patched in User Registration Plugin

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in...

6.8CVSS9.5AI score0.07EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2021/09/28 3:8 p.m.38 views

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHPSELF variable. Tomorrow we will publish part two, which describes another plugin suffering from a similar vulnerability related to the use of PHPSELF. So be sure to look out fo...

4.3CVSS6.7AI score0.02335EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2023/08/22 1:35 p.m.37 views

Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites

On August 10, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in the Donation Forms by Charitable plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it...

7.5CVSS7.6AI score0.00765EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2023/04/18 1:51 p.m.37 views

Hiding in Plain Sight: Cross-Site Scripting Vulnerabilities Patched in Weaver Products

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

8.9AI score0.00531EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/02/17 6:55 p.m.37 views

Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups

Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, we have found that it is possible to obtain a...

4CVSS6.2AI score0.0201EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2025/07/03 1:2 p.m.36 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 23, 2025 to June 29, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS9.6AI score0.02055EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2025/06/12 2:54 p.m.36 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 2, 2025 to June 8, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS10AI score0.01718EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2025/04/17 1:57 p.m.36 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 352 vulnerabilities disclosed in 310 WordPress...

10CVSS10AI score0.76126EPSS
Exploits28
Wordfence Blog
Wordfence Blog
added 2024/03/13 3:1 p.m.36 views

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 1st, 2024, during our second Bug Bounty Extravaganza, we...

7.5CVSS10AI score0.01712EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2023/10/23 5:55 p.m.36 views

4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin

On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in LiteSpeed Cache plugin, which is actively installed on more than 4,000,000 WordPress websites, making it the most popular cache...

6.3AI score0.19684EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2025/05/22 1:58 p.m.35 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 12, 2025 to May 18, 2025)

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 143 vulnerabilities disclosed in 120 WordPress...

10CVSS9.9AI score0.05128EPSS
Exploits16
Total number of security vulnerabilities522