Site Deletion Vulnerability in Hashthemes Plugin

WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 25, 2021,…

Vulnerability Patched in Sassy Social Share Plugin

WordFence – In 2010, Steffan Esser…

It’s Not You. It’s Them. On Hacking and Responsible Disclosure.

WordFence – A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the…

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained…

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

WordFence – On August 19, 2021,…

Wordfence Helps Enable Education in Uganda

WordFence – I want to share something very exciting and truly wonderful with you all today. Wordfence just completed a project where we partnered with Far Away Friends,…

High Severity Vulnerability Patched in Access Demo Importer Plugin

WordFence – On August 9, 2021,…

PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons

WordFence – Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits…

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

WordFence – Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHP_SELF variable. Tomorrow we will…

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

WordFence – On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin…