Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical privilege escalation vulnerability that allowed any user to become an administrator. The plugin developers quickly replied … Read more

Millions of Attacks Target Tatsu Builder Plugin

The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable versions of both the free and premium Tatsu Builder plugin. Tatsu … Read more

WP Briefing: Episode 31: Open Source & Accessibility– Celebrating Global Accessibility Awareness Day With Guest Joe Devon

In the thirty-first episode of the WordPress Briefing, GAAD Co-Founder Joe Devon joins WordPress Executive Director Josepha Haden Chomphosy to discuss Global Accessibility Awareness Day and the role of open source in accessibility. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Guest: Joe … Read more