At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Our last extravaganza, the Holiday Bug Extravaganza, was so successful we decided to do it again…
Tag: Blog – Wordfence
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality,…
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 67 vulnerabilities disclosed in 60 WordPress Plugins and no WordPress…
Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin
On January 10th, 2024 we received an interesting malware submission demonstrating how a Cross-Site Scripting (XSS) vulnerability in single plugin can allow an unauthenticated attacker to inject an arbitrary administrative account that can be used to take over a website.…
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 85 vulnerabilities disclosed in 74 WordPress Plugins and 2 WordPress…
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2023 to January 7, 2023)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 85 vulnerabilities disclosed in 74 WordPress Plugins and 2 WordPress…
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated…
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins…
The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!
After an incredibly successful few weeks, the Wordfence Holiday Bug Extravaganza came to a close yesterday. We’d like to sincerely thank everyone who spent time researching, finding, and submitting vulnerabilities. Your efforts have helped to make the WordPress community and…
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress…
Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality,…
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁 Last week, there were 109 vulnerabilities disclosed…
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject…
Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00!…