Maintenance
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core
WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a page, and by authenticated users who have […]
WPMU DEV Review: Features, Pricing and Details
In a world where time is money, you want tools that save you time, giving you room to make more money. When you manage multiple WordPress sites, your task list is enormous, but repetitive. A good WordPress site management tool will automate those repetitive tasks and save you a lot of time. A management tool […]
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege […]
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers and customers to upload arbitrary files to a vulnerable site and achieve remote […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Last week, there were 375 vulnerabilities disclosed in 297 WordPress Plugins and 7 WordPress Themes that have been added […]
ManageWP vs InfiniteWP: A Head-To-Head Comparison
It is a constant battle to stay ahead of WordPress site maintenance; especially if you are a successful agency juggling care plans across multiple customers. Updating plugins on one site is manageable, but multiply that by 10 sites and the complexity rises. Monitoring and optimizing each site can feel like you’re constantly putting out fires. […]
$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to AmrAwad who discovered and responsibly […]
Introducing New Pricing For Wordfence CLI!
We have an exciting announcement today about the Wordfence CLI project. We launched Wordfence CLI at WordCamp US back in August of 2023 with the goal of bringing malware and vulnerability scanning to the command line. We’ve been working closely with our customers since the launch to better understand their needs. As a result, we’ve […]
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded
On February 21st, 2024, during our second Bug Bounty Extravaganza, an Unauthenticated Stored Cross-Site Scripting vulnerability was reported […]