General

weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin

by

On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges by updating user metadata. … Read more

WordPress 6.3 “Lionel”

by

Say hello to WordPress 6.3 “Lionel,” named after Lionel Hampton, the celebrated American jazz artist. A prolific jazz vibraphonist, pianist, and percussionist, Hampton gained notoriety working in harmony with greats from Charles Mingus to Quincy Jones and as bandleader of the eponymous Lionel Hampton Orchestra. His artistry and charitable work have been recognized with a … Read more

Demystifying the WordPress Vulnerability Landscape: 2023 Mid-Year Wordfence Intelligence WordPress Vulnerability Review Leveraging ChatGPT

by

In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of vulnerabilities disclosed last year (2022), which was 2,395[1] based on unique vulnerability records. Introduction The … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)

by

Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more