Reflected Cross-Site Scripting Vulnerability Patched in WordPress Profile Builder Plugin

On January 4, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a WordPress plugin that is installed on over 50,000 WordPress websites. This vulnerability makes it possible for an unauthenticated attacker to craft a request that contains … Read more

A New WordPress News

In June 2021, @beafialho in collaboration with @pablohoney floated the idea of giving WordPress News a new look. Today, those ideas become a reality—we’re excited to share that redesign of WordPress News is live! The new design leans on the aesthetics of jazz, intrinsically connected to WordPress and which ultimately translates its uniqueness, historic significance … Read more

Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending them to an existing SQL query. This could be used to … Read more