Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)

Last week, there were 69 vulnerabilities disclosed in 68 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 29 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins

“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions can be dangerous. This became evident when the Wordfence Threat Intelligence team discovered an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 14 different email … Read more

WordPress 6.3 Release Candidate 1

WordPress 6.3 RC1 is ready for download and testing. This version of the WordPress software is under development. Please do not install, run, or test this version on production or mission-critical websites. Instead, you should evaluate RC1 on a test server and site.  Reaching this part of the release cycle is a key milestone. While … Read more

Massive Targeted Exploit Campaign Against WooCommerce Payments Underway

The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, … Read more

WP Briefing: Episode 60: Sneak a Peek at WordPress 6.3 with Special Guest Mike Schroder

Join WordPress Executive Director Josepha Haden Chomphosy and Core Tech Lead Mike Schroder as they discuss their favorite new features and enhancements coming in WordPress 6.3. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Host: Josepha Haden ChomphosyGuests: Mike SchroderEditor: Dustin HartzlerLogo: Javier ArceProduction: Nicholas GarofaloSong: Fearless … Read more