Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin

On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using … Read more

WP Briefing: Episode 61: Community, Summit, all at Washington D.C.

Join WordPress Executive Director Josepha Haden Chomphosy as she discusses the latest from the Community Summit and her takeaways from the 2023 event in Washington, D.C. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Host: Josepha Haden ChomphosyEditor: Dustin HartzlerLogo: Javier ArcProduction: Brett McSherrySong: Fearless First by Kevin … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

Introducing Free Wordfence Intelligence WordPress Vulnerability Webhook Notifications!

We’re incredibly excited to announce that we have launched a webhook integration for vulnerabilities as part of Wordfence Intelligence, which enables users to stay on top of the latest vulnerabilities being added to the Wordfence Intelligence WordPress Vulnerability database, all completely for free! This webhook feature makes it possible for users to receive real-time updates … Read more