Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)

Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin

On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker with minimal permissions, such as a subscriber, to upload … Read more

Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!

Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources. As you can imagine, this was quite the challenge as each and every data source came with … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)

Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more