On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively[…]
On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 mill…
Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat[…]
On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security[…]
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000[…]
Elementor has patched a critical Remote Code Execution vulnerability that was discovered by threat analyst Ramuel Gall from Wordfence on March 29, 2022. Wordfence disclosed the vulnerability to Ele…
On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed on over[…]
Advanced Custom Fields (ACF) recently patched a missing authorization vulnerability in version 5.12.1 that potentially affects more than a million users. The security issue was discovered by Keitar…
On January 4, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a[…]
UpdraftPlus, a plugin that allows users to backup to various cloud providers, has patched a severe security vulnerability that would allow logged-in users to download a site’s latest backups. The[…]
On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over[…]
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence[…]
On July 30, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in Booster for WooCommerce, a WordPress plugin installed on over[…]
We just patched a severe vulnerability in the WooCommerce Currency Switcher plugin. If you are using an older version of this plugin, we encourage you to update immediately.
Enter your account data and we will send you a link to reset your password.
To use social login you have to agree with the storage and handling of your data by this website. %privacy_policy%
AcceptHere you'll find all collections you've created before.
