Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)

Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 26 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site … Read more

Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign

The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing … Read more

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with … Read more

WordPress 6.2.2 Security Release

WordPress 6.2.2 is now available! The 6.2.2 minor release addresses 1 bug and 1 security issue. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.9 have also been updated. WordPress 6.2.2 is a rapid response release to address a regression in 6.2.1 and further … Read more

Generated by Feedzy