Vulnerability Patched in Sassy Social Share Plugin

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. In 2010, Steffan Esser…

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021,…

High Severity Vulnerability Patched in Access Demo Importer Plugin

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 9, 2021,…

PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons

WordFence –  WordFence –  Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits…

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

WordFence –  WordFence –  Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHP_SELF variable. Tomorrow we will…

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

WordFence –  WordFence –  On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin…

Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities

WordFence –  WordFence –  On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework…

Nested Pages Patches Post Deletion Vulnerability

WordFence –  WordFence –  On August 13, 2021, the Wordfence Threat Intelligence team responsibly disclosed two vulnerabilities in Nested Pages, a WordPress plugin installed on over 80,000 sites that provides…

Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce

WordFence –  WordFence –  On July 30, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in Booster for WooCommerce, a WordPress…

XSS Vulnerability Patched in SEOPress Affects 100,000 sites

WordFence –  WordFence –  On July 29, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed…