Authentication Bypass Vulnerability Patched in User Registration Plugin

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “RegistrationMagic – Custom Registration Forms, User Registration and User Login”, a WordPress plugin … Read more

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation Swatches for WooCommerce”, a WordPress plugin that is installed on over 80,000 … Read more

AWS Attacks Targeting WordPress Increase 5X

The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled. We’ve seen a global increase in attacks against WordPress sites during the past week, and more than a quarter of all … Read more

Unauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin

On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a WordPress plugin that is installed on over 20,000 sites. This flaw made it possible for an unauthenticated attacker to inject malicious JavaScript that would execute whenever … Read more

84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability

On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two additional plugins developed by the same author: “Side Cart Woocommerce (Ajax)”, … Read more

Generated by Feedzy