Cross-Site Scripting Vulnerability In Download Manager Plugin

On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. On request, we assigned a vulnerability identifier of CVE-2022-1985. All Wordfence users, including Free, Premium, Care, and Response, are protected from exploits targeting this … Read more

The Month in WordPress – May 2022

WordPress has a lot to celebrate this month. The newest release “Arturo” is here. WordPress turned 19 years old last week. And WordCamp Europe, the first in-person flagship WordCamp in two years, is starting today in Porto, Portugal. Read on to learn more about these and other exciting news around WordPress! Say hello to WordPress … Read more

The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner

One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability. The Confidentiality pillar is intended to prevent unauthorized access to data, while the Integrity pillar … Read more