WordPress released version 6.4.3 on January 30, 2024, containing two security patches addressing longstanding, yet minor, security concerns in the WordPress Core. The first patch resolves the issue of allowing users with Administrator or Super Administrator privileges...
Wordfence has announced the release of Wordfence CLI 3.0.1, codename “Ghost Rider,” which includes a new feature for automatic remediation. This update allows Wordfence CLI to scan and remediate thousands of sites at once, efficiently detecting and removing malware...
The article details the discovery of an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin. This vulnerability allows an unauthenticated attacker to inject arbitrary JavaScript, which will be executed when a user accesses an injected page....
The article is an announcement from Wordfence about the launch of their bug bounty program. The bug bounty program will offer a 10% bonus on all awarded bounties for the first 6 months. Additionally, the article provides a weekly vulnerability report, detailing the...
WordPress 6.4.2 was released on December 6, 2023, to address a Critical-Severity vulnerability that could allow attackers to execute arbitrary PHP code on WordPress sites. This patch was released to fix a POP chain introduced in version 6.4, which, when combined with a...
The Wordfence Threat Intelligence Team has raised an alert regarding a phishing campaign aimed at WordPress users. The campaign involves an email claiming to be from the WordPress team, warning users of a Remote Code Execution vulnerability on their site identified as...