WordPress 6.2 Beta 1

WordPress 6.2 Beta 1 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, you should test Beta 1 on a test server and site. You can test WordPress 6.2 Beta 1 in … Read more

High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The vulnerability, an unauthenticated stored cross-site scripting vulnerability, is arguably the most dangerous variant … Read more

The Month in WordPress – January 2023

Welcome to the first 2023 edition of The Month in WordPress! January kicked off with an overview of WordPress’ big goals for 2023 and new projects beginning to take shape. Moreover, work on the next major release, WordPress 6.2, continues with Beta 1 scheduled for next week. Read on for the latest news. WordPress 6.2 … Read more

Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference, Cross-Site Request Forgery as well as Cross-Site Scripting in versions up to, and … Read more