Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 26 Vulnerability Researchers that contributed to… Continue Reading →
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version… Continue Reading →
On May 20, 2023, WordPress 6.2.2 was released to address a regression — a bug introduced in 6.2.1 that broke shortcode functionality — as well as a security issue. Because 6.2.2 is a security release, you should update your sites… Continue Reading →
On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making… Continue Reading →
Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those… Continue Reading →
On May 11, 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts… Continue Reading →
This week, WordPress 6.2.1 was released — the first security and maintenance update for the 6.2 version line. This release patched 5 security vulnerabilities, including Cross-Site Scripting (XSS), Cross-site request forgery (CSRF), and path traversal vulnerabilities. If you have your… Continue Reading →
On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity Cross-Site Scripting vulnerability, and several lower-severity vulnerabilities. These patches have been backported to every… Continue Reading →
The ubiquitous client-server architecture of the web provides hackers with a vast attack surface, leaving both the website and the server vulnerable to malicious exploitation. Security risks increase significantly if a website is configured to communicate with the host’s environment… Continue Reading →
Note: You don’t need any other WordPress Security guide if you follow all the steps mentioned in this guide. Originally created for bloggers, WordPress has become a widely-used platform for website development and content management due to its ease of… Continue Reading →
This week, 66 vulnerabilities may affect over 5.8 million WordPress sites. There are 42 plugin vulnerabilities and five in themes that have security patches available, so run those updates! Additionally, there are 18 plugin vulnerabilities and one theme with no… Continue Reading →
By tricking a web server into exposing otherwise restricted information, attackers can gain a powerful tool to compromise a system and cause significant damage. Directory traversal is a common method used to achieve this. An attempt to navigate outside the… Continue Reading →
Yesterday, Google announced “The Beginning of the End of the Password.” By this time next year, you may not be using passwords anymore. The Great Password Extinction is Already Underway Imagine a world without passwords. You can still log into… Continue Reading →
This week, 162 vulnerabilities may affect over 8 million WordPress sites. There are 74 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 88 plugin vulnerabilities with no patch available yet…. Continue Reading →
In today’s digital age, businesses rely heavily on their online presence to connect with their customers and boost revenue. Losing access to your website can have disastrous consequences, potentially causing significant financial losses and irreparable damage to your business reputation…. Continue Reading →
This week, 160 vulnerabilities may affect over 8 million WordPress sites. There are 68 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 92 plugin vulnerabilities with no patch available yet…. Continue Reading →
Session hijacking is a type of cyberattack that WordPress site owners need to know about. Also known as TCP session hijacking, session hijacking allows attackers to pretend to be a logged-in user on a website. The attacker takes over a… Continue Reading →
This week, 116 vulnerabilities may affect over 6 million WordPress sites. There are 67 plugin vulnerabilities and 2 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 45 plugin vulnerabilities and 2… Continue Reading →
With the rapid evolution of cybersecurity threats, relying on a single layer of defense is no longer sufficient to safeguard your online presence. This makes it imperative for website owners to have a multi-layered security approach, which is best represented… Continue Reading →
This week, 79 vulnerabilities may affect over 6.6 million WordPress sites. There are 55 plugin vulnerabilities and 5 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 19 plugin vulnerabilities with no… Continue Reading →
Cross-Site Request Forgery (CSRF or XSRF) vulnerabilities are rarely high or critical in their severity ratings. They still can do a lot of harm, however. They’ve been the second most common WordPress vulnerability in recent years after Cross-Site Scripting (XSS)… Continue Reading →
This week, the total number of patched and unpatched vulnerabilities is low but still may affect over 3.5 million WordPress sites. There are 51 plugin vulnerabilities and one theme with security patches available, so run those updates if you use… Continue Reading →
Half of all internet traffic isn’t human activity — it’s bots. Spambots, search bots, Twitterbots, and DDoS bots are just a few common types of web robots. They’re everywhere in the online world, and not all of them are bad…. Continue Reading →
Any tool can be used with good or bad intentions, and file inclusion is no different. WordPress is built with PHP, a server-side programming language that uses file inclusion as a method of writing code that can be pulled into… Continue Reading →
This week, the total patched and unpatched vulnerabilities may impact well over 8 million WordPress sites. There are 58 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 25 plugin vulnerabilities… Continue Reading →