On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager...

Explore the impact of the critical privilege escalation vulnerability in the Essential Addons for Elementor plugin that led to mass-infection via Balada malware. Learn how the attackers exploited the...

Stay updated on the latest WordPress 6.2.1 security release that addresses core WP vulnerabilities, including Directory Traversal, Cross-Site Scripting, CSRF, and injection vulnerabilities. Patch as...

Cloudflare was originally built as native services, but we’re building more and more of it on Cloudflare itself. This post describes how and why we’re doing this.

Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47...

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenti...

On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity...

Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27 Vulner...

Explore the latest evolution of SocGholish malware injections in WordPress sites, as attackers leverage intermediary xjquery[.]com domain and zlib compression to evade detection. Learn about the...

Discover how disabling the xmlrpc.php file in WordPress can enhance your site's security by mitigating risks associated with brute force and DDoS attacks. Learn how to determine if XML-RPC is active...

Last week, there were 77 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulner...

A roundup of the top WordPress plugin vulnerabilities and patch updates for April, 2023.

Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41...

On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of...

Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulner...

On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in Blubrry’s PowerPress plugin,...

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the...

On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall...