Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin

by

On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject … Read more

The Month in WordPress – August 2023

by

August 2023 marked another exciting chapter in WordPress, with the Community Summit and WordCamp US bringing the community together for meaningful discussions, knowledge sharing, and learning. This month also welcomed the long-awaited WordPress 6.3 release and offered a glimpse of what’s to come. Let’s dive into it. Meet WordPress 6.3 “Lionel” WordPress 6.3 “Lionel” was … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)

by

Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin

by

On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using … Read more