Erik Kraijenoord

On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using … Read more

Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an administrator dashboard in some configurations, while another allowed authenticated attackers to spoof log entries into … Read more

Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. There were more unpatched vulnerabilities than patched last week, so it’s more important than ever to review … Read more

Last week, there were 77 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more