During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug.
A security site emailed notices of a data breach affecting over 100 million users of Gravatar. Gravatar denies it was hacked.
In a disclosure to the U.S. Securities and Exchange Commission (SEC) that was published today, GoDaddy announced a data security breach impacting its WordPress managed hosting customers. The compan…
In September, Patchstack released its six-month report on the vulnerabilities found with WordPress and its extensions. At the time, it listed over 1,000 issues — the company has shared the[…]
On September 28, 2021 the Wordfence Threat Intelligence[…]
On August 19, 2021, the Wordfence Threat Intelligence[…]
We uncovered security issues in Smash Balloon Social Post Feed Plugin (also known as Custom Facebook Feed) that could grant attackers access to your privileged information. Read this blog post[…]
We uncovered multiple vulnerabilities in WP Fastest Cache plugin that could grant attackers access to your privileged information. We strongly recommend that you update to the latest version of the[…]
In this article, we are going to show you how to add two-factor authentication to WordPress using a two-factor Authentication plugin.
Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that[…]
WooCommerce shipped version 5.7.0 through a forced update for some users earlier this week. The minor release was not billed as a security update but the following day WooCommerce published[…]
The Jetpack Scan team discovered a Cross-Site Request Forgery vulnerability in Software License Manager Plugin for WordPress. We recommend that anyone running version 4.5.0 or earlier of the plugin to[…]
On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed[…]
This week, Jetpack Scan flagged the license file of a premium extension. It turned out to be injected malware using the REST API for remote code execution.