WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin

by

On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an attacker to gain access to the accounts of users … Read more

WordPress 6.3 RC3

by

WordPress 6.3 RC3 is ready for download and testing. This version of the WordPress software is under development. Please do not install, run, or test this version on production or mission-critical websites. Instead, you should evaluate RC3 on a test server and site.  The WordPress 6.3 release is scheduled for August 8, 2023—just one week … Read more

People of WordPress: Ihtisham Zahoor

by

From administrator to web developer thanks to the supportive WordPress community. Through learning from other software users in Pakistan, Ihtisham Zahoor knew that his life would change. He moved cities and careers to make his life through open source. The People of WordPress series shares inspiring stories of how people’s lives can change for the better through … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

by

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more