Lucene search
K
WordfenceMost viewed

522 matches found

Wordfence Blog
Wordfence Blog
added 2026/01/08 6:20 p.m.28 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 15, 2025 to January 4, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.9CVSS8.4AI score0.05821EPSS
Exploits12
Wordfence Blog
Wordfence Blog
added 2025/05/12 6:24 p.m.28 views

82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 4th, 2025, we received a submission for an Arbitrary File Upload...

8.8CVSS7.9AI score0.01055EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2024/12/09 4:58 p.m.28 views

6,000,000 WordPress Sites Protected Against Payment Refund and Subscription Cancellation Vulnerability in WPForms WordPress Plugin

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

8.5CVSS6.7AI score0.00738EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/05/15 3:0 p.m.28 views

30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 10th, 2024, during our second Bug Bounty Extravaganza, w...

8.8CVSS8AI score0.00614EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/04/17 3:3 p.m.28 views

$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 24th, 2024, during our second Bug Bounty Extravaganza...

6.5CVSS8AI score0.00876EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/02/21 8:11 p.m.28 views

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 14th, 2024, during our second Bug Bounty...

6.5CVSS7.2AI score0.00756EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/01/12 7:5 p.m.28 views

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely monitored. This...

0.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/02/10 1:53 p.m.28 views

Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...

4.3CVSS8.1AI score0.5346EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2021/10/28 11:23 p.m.28 views

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team began the disclosure process for a reflected Cross-Site ScriptingXSS vulnerability we found in...

4.3CVSS6.1AI score0.00845EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2025/08/07 4:7 p.m.27 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

10CVSS8.7AI score0.1492EPSS
Exploits13
Wordfence Blog
Wordfence Blog
added 2024/06/26 9:52 p.m.27 views

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...

8.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/02/05 3:0 p.m.27 views

Local File Inclusion Vulnerability Patched in Shield Security WordPress Plugin

On December 18, 2023, right before the end of Holiday Bug Extravaganza, we received a submission for a Local File Inclusion vulnerability in Shield Security, a WordPress plugin with more than 50,000+ active installations. It’s important to note that this vulnerability is limited to just the...

7.5CVSS8.3AI score0.56567EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/12/06 9:13 p.m.27 views

PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2

WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We...

9.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/05/31 12:27 p.m.27 views

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an...

6.5CVSS6.9AI score0.1748EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2023/01/10 4:41 p.m.27 views

Eleven Vulnerabilities Patched in Royal Elementor Addons

On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full...

0.7AI score0.00945EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/08/04 8:17 p.m.27 views

Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week

Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a ra...

2.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/08/04 2:53 p.m.27 views

Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin

On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability made it possible for attackers...

5.4AI score0.00482EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/04/27 4:45 p.m.27 views

PHP Object Injection Vulnerability in Booking Calendar Plugin

On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations. We received a response the same day and sent over our full disclosure ear...

6.5CVSS9.4AI score0.0171EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/01/13 2:54 p.m.27 views

84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability

On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two...

6.8CVSS9.2AI score0.0082EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2026/06/04 3:3 p.m.26 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)

Last week, there were 277 vulnerabilities disclosed in 184 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 93 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/02/24 5:52 p.m.26 views

100,000 WordPress Sites Affected by Arbitrary File Upload, Read and Deletion Vulnerability in Everest Forms WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.8CVSS8.2AI score0.25991EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/09/25 4:29 p.m.26 views

90,000 WordPress Sites Affected by Arbitrary File Upload and Authentication Bypass Vulnerabilities in Jupiter X Core WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

9.8CVSS9.8AI score0.01506EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/09/10 4:19 p.m.26 views

Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

8.8CVSS8.7AI score0.0957EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/02/06 3:36 p.m.26 views

$1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information | Free GDPR Consent Solution WordPress Plugin

On December 11th, 2023, during our Holiday Bug Extravaganza, we received a submission for an Arbitrary Options Update vulnerability in Cookie Information | Free GDPR Consent Solution, a WordPress plugin with more than 100,000+ active installations. This vulnerability could be used by authenticate...

6.5CVSS7.3AI score0.0147EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/12/21 5:2 p.m.26 views

Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a perfect world, and vulnerabilities can be introduced unintentionally, or even found due to...

7.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/07/13 5:52 p.m.26 views

PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability

The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...

7.5CVSS9.8AI score0.4214EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2021/11/23 10:15 p.m.26 views

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include: tsoHost Media Temple 123Reg Domain Factory Heart Internet Hos...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/01/22 2:50 p.m.25 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

10CVSS8.6AI score0.20631EPSS
Exploits16
Wordfence Blog
Wordfence Blog
added 2025/11/03 5:24 p.m.25 views

400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

9.8CVSS6.4AI score0.51507EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/09/25 2:54 p.m.25 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8.7AI score0.03632EPSS
Exploits11
Wordfence Blog
Wordfence Blog
added 2025/07/24 2:26 p.m.25 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 14, 2025 to July 20, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS9.5AI score0.47529EPSS
Exploits5
Wordfence Blog
Wordfence Blog
added 2024/07/22 5:6 p.m.25 views

10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin

On July 2nd, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Arbitrary File Read to Arbitrary File Creation vulnerability in BookingPress, a WordPress plugin with over 10,000 active installations. This vulnerability makes it possible for...

8.8CVSS8AI score0.00856EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/03/15 3:15 p.m.25 views

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! In just a few short months since our launch in November of last yea...

8.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/10/31 4:34 p.m.25 views

Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”

Note: If youre a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command line, read on! Our mission at...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/06/16 4:21 p.m.25 views

PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin

On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security updates in WordPress plugins and themes, our team analyzed the plugin to determine the exploitability...

0.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/04/07 3:9 p.m.25 views

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed on over 400,000 sites. This flaw makes it possible for attackers to gain administrative user acces...

7.5CVSS9.4AI score0.07285EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2026/04/02 7:6 p.m.24 views

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the wp-config.php...

8.1CVSS8AI score0.00658EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/11/06 4:18 p.m.24 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 27, 2025 to November 2, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS10AI score0.51507EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2025/02/17 5:22 p.m.24 views

Creative SVG File Upload to Local File Inclusion Vulnerability Affecting 90,000 Sites Patched in Jupiter X Core WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

8.8CVSS8.5AI score0.01617EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/06/05 3:1 p.m.24 views

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

8.8CVSS8.5AI score0.01507EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/04/29 3:4 p.m.24 views

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...

6.4CVSS7.3AI score0.00587EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/04/01 3:3 p.m.24 views

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 21st, 2024, during our second Bug Bounty Extravaganza, ...

6.4CVSS6.2AI score0.00675EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/05/22 2:49 p.m.24 views

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the mos...

4.9CVSS6AI score0.00646EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/08/30 9:3 p.m.24 views

WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know

On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. These patches have been backport...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/02/24 5:54 a.m.24 views

Entering a Higher State of Vigilance – Ukraine Under Attack

It appears that Russia has just commenced the invasion of Ukraine. Check your preferred international news outlet, but according to the Ukrainian foreign minister "Putin has just launched a full-scale invasion of Ukraine." Ukrainian airspace is closed with flights diverting. The Twitter Safety...

0.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/09/29 2:34 p.m.24 views

PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons

Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHPSELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar vulnerability related to the use of...

4.3CVSS6.7AI score0.0236EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2021/08/16 3:28 p.m.24 views

XSS Vulnerability Patched in SEOPress Affects 100,000 sites

On July 29, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites. This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable...

3.5CVSS5.5AI score0.00651EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2025/12/11 5:0 p.m.23 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)

Last week, there were 190 vulnerabilities disclosed in 173 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

10CVSS8.5AI score0.73557EPSS
Exploits26
Wordfence Blog
Wordfence Blog
added 2024/11/08 5:50 p.m.23 views

28,000 WordPress Sites Affected by Arbitrary File Read and Deletion Vulnerability in WPLMS WordPress Theme

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

9.8CVSS8.3AI score0.33856EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2024/11/05 5:6 p.m.23 views

Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress

Today the Wordfence team is proud to announce an exciting new feature: The Wordfence Audit Log, included in the Wordfence 8.0 release. The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from...

7AI score
Exploits0
Total number of security vulnerabilities522