On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in...
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and...
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress,...
On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user...
On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that...
Update – after this article was published, Denis Shagimuratov of CleanTalk reached out to us on Twitter. It appears that they didn’t receive our disclosure because...
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a...
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin...
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with...
Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need...