🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations…
Category: Blog – Wordfence
10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin
On October 23rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in AI Power: Complete AI Pack, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload…
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)
🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations…
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)
🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)
🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations…
Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!
In celebration of Cybersecurity Awareness Month and the ‘Secure Our World‘ theme for this year, we’re brewing up some extra-exciting opportunities to propel our mission to Secure the Web. The Cybersecurity Month Spooktacular Haunt gives researchers the chance to earn…
7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin
On September 17, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for two critical vulnerabilities in the LatePoint plugin, which is estimated to be actively installed on more than 7,000 WordPress websites. The post 7,000…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for…
8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin
On August 3rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in WP Hotel Booking, a WordPress plugin with more than 8,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above,…
A (Beta) Audio Roundup of September’s WordPress Vulnerabilities
For those of you that want to stay abreast of the newest vulnerabilities in the WP ecosystem, but like to multitask, here’s an audio roundup of the vulnerabilities we published in the month of September. This is something new I’m…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for…
90,000 WordPress Sites Affected by Arbitrary File Upload and Authentication Bypass Vulnerabilities in Jupiter X Core WordPress Plugin
On August 6th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Jupiter X Core, a WordPress plugin with more than 90,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files…
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin
On August 28th, 2024, we received a submission for a Privilege Escalation via Account Takeover vulnerability in WCFM – WooCommerce Frontend Manager, a WordPress plugin with more than 20,000 active installations. This vulnerability makes it possible for an authenticated attacker…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for…
GPU Hosting and Open Source AI Will Revolutionize or Kill WordPress
On the eve of WordCamp US 2024 we find ourselves in the midst of a revolution. It is perhaps the most profoundly transformative technology revolution our species has experienced in our short history in this Universe. In fundamental terms, since…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for…
Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin
On August 14th, 2024, we received a submission for a Privilege Escalation vulnerability in Post Grid and Gutenberg Blocks, a WordPress plugin with over 40,000 active installations. This vulnerability can be leveraged by attackers with minimal authenticated access to set…
Critical Arbitrary File Deletion Vulnerability in MP3 Audio Player WordPress Plugin Affects Over 20,000 Sites
On August 4th, 2024, we received a submission for an Arbitrary File Deletion vulnerability in MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar, a WordPress plugin with over 20,000 active installations. This vulnerability can be leveraged…
How To Find XSS (Cross-Site Scripting) Vulnerabilities in WordPress Plugins and Themes
Yesterday, we announced the WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program. The objective of this promotion is to help beginners get started in WordPress bug bounty hunting by opening up the scope of our Bug Bounty Program. Cross-Site…
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for…