Lucene search
K
WordfenceMost viewed

522 matches found

Wordfence Blog
Wordfence Blog
•added 2023/12/14 9:44 p.m.•20 views

Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...

7.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/11/01 4:13 p.m.•20 views

Know Your Malware Part Two – Hacky Obfuscation Techniques

In the first post in this series, we covered common PHP encoding techniques and how they’re used by malware to hide from security analysts and scanners. In today’s post, we’re going to dive a little bit deeper into other obfuscation techniques that make use of other features available in PHP...

7.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/04/11 4:29 p.m.•20 views

Update Now! Severe Vulnerability Impacting 600,000 Sites Patched in Limit Login Attempts

On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...

6.8AI score0.00789EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2023/03/23 6:19 p.m.•20 views

PSA: Update Now! Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover

This post has been updated with additional information that has become available since its publication The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed. Today, March 23, 2023, we noticed tha...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2022/06/07 3:35 p.m.•20 views

Cross-Site Scripting Vulnerability In Download Manager Plugin

On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting XSS vulnerability to us that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. On request, we assigned a vulnerability identifier of CVE-2022-1985. All Wordfence...

4.3CVSS6.5AI score0.01138EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2021/08/11 3:37 p.m.•20 views

2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan

Wordfence has collaborated with WPScan to conduct a 2021 mid-year review on the state of WordPress security. Using attack data from Wordfence’s internal threat intelligence platform, and vulnerability data from WPScan’s vulnerability database, we were able to analyze the current trend of attacks ...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2026/06/01 3:51 p.m.•19 views

Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin

On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has more than 500,000 active installations, we estimate that only around 150,000 sites are using a vulnerable version, as the issue was introduce...

9.8CVSS5.7AI score0.0126EPSS
Exploits5
Wordfence Blog
Wordfence Blog
•added 2026/04/13 6:2 p.m.•19 views

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to execute code on the server. T...

9.8CVSS6AI score0.07239EPSS
Exploits2
Wordfence Blog
Wordfence Blog
•added 2026/03/19 4:12 p.m.•19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 9, 2026 to March 15, 2026)

Last week, there were 116 vulnerabilities disclosed in 78 WordPress Plugins and 19 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 66 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS7AI score0.04279EPSS
Exploits10
Wordfence Blog
Wordfence Blog
•added 2025/11/20 4:10 p.m.•19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge:Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of...

10CVSS10AI score0.01041EPSS
Exploits5
Wordfence Blog
Wordfence Blog
•added 2025/09/19 4:7 p.m.•19 views

Wordfence Bug Bounty Program Monthly Report – August 2025

Last month in August 2025, the Wordfence Bug Bounty Program received 438 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence...

7.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2025/09/04 3:25 p.m.•19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 25, 2025 to August 31, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

10CVSS8.9AI score0.01425EPSS
Exploits6
Wordfence Blog
Wordfence Blog
•added 2025/08/14 2:33 p.m.•19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 4, 2025 to August 10, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.9CVSS6.7AI score0.03338EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2025/07/17 3:42 p.m.•19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 7, 2025 to July 13, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS10AI score0.55683EPSS
Exploits8
Wordfence Blog
Wordfence Blog
•added 2025/05/19 5:32 p.m.•19 views

22,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Motors WordPress Theme

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 2nd, 2025, we received a submission for a Privilege Escalation...

9.8CVSS7.7AI score0.18241EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2024/11/07 10:24 p.m.•19 views

Wordfence Price Increases Coming December 5th, 2024

We haven't raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we...

7.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/09/04 6:57 p.m.•19 views

20,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Bit File Manager WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

8.1CVSS8.6AI score0.02802EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2024/07/08 7:2 p.m.•19 views

$3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

8.8CVSS8.1AI score0.01117EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/07/06 4:37 p.m.•19 views

Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!

Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/06/20 1:38 p.m.•19 views

StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin

On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...

10AI score0.01914EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2023/03/08 4:59 p.m.•19 views

PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time

In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interest...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2022/10/04 1:46 p.m.•19 views

Wordfence 7.7.0 Is Out! Here Are The Changes

Wordfence 7.7.0 has just been released and as usual, it includes several awesome enhancements and updates for our security conscious WordPress publishers and e-commerce websites. This post goes into a little more detail on each change weve included. We dont usually post additional detail like thi...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2021/10/15 6:13 p.m.•19 views

It’s Not You. It’s Them. On Hacking and Responsible Disclosure.

A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But Im a cybersecurity professional, I run a team that has the...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2026/04/16 5:50 p.m.•18 views

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...

9.8CVSS8AI score0.54254EPSS
Exploits7
Wordfence Blog
Wordfence Blog
•added 2026/02/10 5:32 p.m.•18 views

800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin

On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remo...

9.8CVSS7.2AI score0.32714EPSS
Exploits13
Wordfence Blog
Wordfence Blog
•added 2025/05/27 4:38 p.m.•18 views

15,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in MasterStudy LMS Pro WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 15th, 2025, we received a submission for an Arbitrary File Upload...

8.8CVSS7.8AI score0.00959EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/10/01 4:19 p.m.•18 views

8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

8.8CVSS8.9AI score0.17128EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/06/25 3:38 p.m.•18 views

WordPress 6.5.5 Security Release – What You Need to Know

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...

5.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/01/25 7:57 p.m.•18 views

Wordfence Researcher Featured on Critical Thinking Podcast: Sharing Advanced WordPress Bug Bounty Tips and Tricks

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Today was another huge step forward in our continuing mission ...

7.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/02/15 5:22 p.m.•18 views

Wordfence Adds Two Factor Auth for WooCommerce Customers

Wordfence 7.9.0 has been released and it includes a very exciting feature for WooCommerce sites and other WordPress sites wanting to make two factor authentication 2fa available to their site users or members. Wordfence 7.9.0 now lets you give your users the ability to configure 2fa on their...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2022/08/10 5:54 p.m.•18 views

Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders

This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. Id like to tell you more about what were launching and how Wordfence Intelligence will help us go even further t...

Exploits0
Wordfence Blog
Wordfence Blog
•added 2022/06/15 12:0 p.m.•18 views

Top Five Attacking IPs This Month: Their Locations May Not Be Where You Think

At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking IP addresses over a 30 day period, you might be surprised to find out where these attacks are originating, and what they are doing. When most people...

Exploits0
Wordfence Blog
Wordfence Blog
•added 2022/03/16 12:45 a.m.•18 views

Increase In Malware Sightings on GoDaddy Managed Hosting

Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress sites...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2021/07/28 3:44 p.m.•18 views

You’ve Found a Vulnerability! Now What? A Guide to Responsible Disclosure.

Information security researchers make a valuable contribution to our online security by finding vulnerabilities and facilitating getting them fixed. Wordfence has been finding and disclosing vulnerabilities in WordPress core, WordPress plugins, and WordPress themes since 2011. Our research has...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2021/07/21 7:31 p.m.•18 views

Nulled WordPress Plugins – Dangers and Downsides

In our 2020 Threat Report, the Wordfence Threat Intelligence Team identified malware distributed via nulled, pirated, or counterfeit plugins and themes as one of the largest threats facing the WordPress ecosystem. Many site owners are unaware of the risks associated with using nulled plugins, and...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2026/06/18 5:31 p.m.•17 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 8, 2026 to June 14, 2026)

Last week, there were 102 vulnerabilities disclosed in 90 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 68 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

6.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2026/03/05 7:30 p.m.•17 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 23, 2026 to March 1, 2026)

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

10CVSS7.2AI score0.01722EPSS
Exploits3
Wordfence Blog
Wordfence Blog
•added 2025/10/16 4:22 p.m.•17 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 6, 2025 to October 12, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8.4AI score0.01273EPSS
Exploits5
Wordfence Blog
Wordfence Blog
•added 2025/05/13 4:1 p.m.•17 views

50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 26th, 2024, we received a submission for an authenticated PHP...

8.1CVSS7.8AI score0.00806EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2025/05/07 4:38 p.m.•17 views

10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 6th, 2025, we received a submission for an Arbitrary File Read...

7.5CVSS7.6AI score0.00609EPSS
Exploits1
Wordfence Blog
Wordfence Blog
•added 2024/10/30 4:54 p.m.•17 views

10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

9.8CVSS8.7AI score0.1313EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/10/07 8:8 p.m.•17 views

7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

9.8CVSS10AI score0.02994EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/09/24 6:2 p.m.•17 views

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

8.8CVSS8.6AI score0.00603EPSS
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/09/06 4:18 p.m.•17 views

Critical Arbitrary File Deletion Vulnerability in MP3 Audio Player WordPress Plugin Affects Over 20,000 Sites

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearcher...

9.1CVSS9.3AI score0.18807EPSS
Exploits1
Wordfence Blog
Wordfence Blog
•added 2024/07/29 3:0 p.m.•17 views

The Aftermath of the WordPress.org Supply Chain Attack: New Malware and Techniques Emerge

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin. After adding the malicious code to our Threat Intelligence Database and examining it, we discovered additional affected plugins and continued...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2024/06/24 3:21 p.m.•17 views

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our interna...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/12/21 10:18 p.m.•17 views

The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!

After an incredibly successful few weeks, the Wordfence Holiday Bug Extravaganza came to a close yesterday. We’d like to sincerely thank everyone who spent time researching, finding, and submitting vulnerabilities. Your efforts have helped to make the WordPress community and the web safer. Many...

7.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/12/01 2:21 p.m.•17 views

Earn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in the Wordfence Holiday Bug Extravaganza!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some of the highest bug bounties in the history of WordPress to help find...

9AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/08/29 1:17 p.m.•17 views

Introducing Free Wordfence Intelligence WordPress Vulnerability Webhook Notifications!

We’re incredibly excited to announce that we have launched a webhook integration for vulnerabilities as part of Wordfence Intelligence, which enables users to stay on top of the latest vulnerabilities being added to the Wordfence Intelligence WordPress Vulnerability database, all completely for...

6.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
•added 2023/06/21 5:15 p.m.•17 views

Wordfence 7.10.0 Released!

Wordfence remains the number one security plugin of choice for website owners serious about protecting their investment and their customers. Our Threat Intelligence team and engineering team stay abreast of the newest threats and ensure that Wordfence is able to protect against them. But keeping ...

6.7AI score
Exploits0
Total number of security vulnerabilities522