Critical Remote Code Execution Vulnerability in Elementor

On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code. Elementor is one of the most popular WordPress plugins and is installed on over 5 million websites. We sent our disclosure to the official …

WordPress 6.0 Beta 1

WordPress 6.0 Beta 1 is now available for download and testing. This version of the WordPress software is under development. Please do not install, run, and test this version of WordPress on a production or mission-critical website. Instead, it is recommended that you test Beta 1 on a test server and site. You can test …

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed on over 400,000 sites. This flaw makes it possible for attackers to gain administrative user access on vulnerable sites when two-factor authentication (2FA) is enabled but not …

WordPress 5.9.3 Maintenance Release

WordPress 5.9.3 is now available! This maintenance release features 9 bug fixes in Core and 10 bug fixes in the block editor. WordPress 5.9.3 is a short-cycle maintenance release. The next major release will be version 6.0. You can download WordPress 5.9.3 from WordPress.org, or visit your Dashboard → Updates and click “Update Now”. If you have sites that …