The article discusses the discovery of an Arbitrary File Upload vulnerability in the Avada WordPress theme during a Bug Bounty Extravaganza event. The vulnerability, which affects versions up to and including 7.11.4 of the theme, allows authenticated attackers with...
The article discusses a recent submission of an unauthenticated SQL Injection vulnerability in the Ultimate Member WordPress plugin. The vulnerability allows attackers to extract sensitive data from the database, such as password hashes. The discovery was made by...
The article discusses a Privilege Escalation vulnerability found in the Academy LMS WordPress plugin, affecting versions up to 1.9.19, which allows authenticated attackers to elevate their privileges to that of a site administrator. The vulnerability allows users to...
The article announces a Bug Bounty Extravaganza, offering increased bounty rates for vulnerabilities submitted through February 29, 2024, when Wordfence handles responsible disclosure. During the Bug Bounty Extravaganza, a SQL Injection vulnerability was discovered in...
The article details the discovery of an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin. This vulnerability allows an unauthenticated attacker to inject arbitrary JavaScript, which will be executed when a user accesses an injected page....
In May 2023, the Wordfence Threat Intelligence team discovered high and critical severity vulnerabilities in Kirotech’s UserPro plugin, which is active on over 20,000 WordPress websites. Wordfence Premium, Wordfence Care, and Wordfence Response users received firewall...