Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)

| Software Name | Software Slug |
| --- | --- |
| 012 Ps Multi Languages | 012-ps-multi-languages |
| ABC APP CREATOR | abcapp-creator |
| Absolute Reviews | absolute-reviews |
| Accordion | accordions |
| Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads | quick-adsense-reloaded |
| Advanced File Manager | file-manager-advanced |
| AnWP Football Leagues | football-leagues-by-anwppro |
| Appointment & Event Booking Calendar Plugin – Webba Booking | webba-booking-lite |
| ARI Fancy Lightbox – Popup for WordPress | ari-fancy-lightbox |
| BA Book Everything | ba-book-everything |
| Beam me up Scotty – Back to Top Button | beam-me-up-scotty |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| Bold Page Builder | bold-page-builder |
| Bulk NoIndex & NoFollow Toolkit | bulk-noindex-nofollow-toolkit-by-mad-fish |
| Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | charitable |
| Charity Addon for Elementor | charity-addon-for-elementor |
| Chartify – WordPress Chart Plugin | chart-builder |
| Checkout Mestres do WP for WooCommerce | checkout-mestres-wp |
| Cities Shipping Zones for WooCommerce | cities-shipping-zones-for-woocommerce |
| Classic Editor and Classic Widgets | classic-editor-and-classic-widgets |
| ClickSold IDX | clicksold-wordpress-plugin |
| Common Tools for Site | common-tools-for-site |
| Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App | peepso-core |
| Confetti Fall Animation | confetti-fall-animation |
| Contact Form 7 Campaign Monitor Extension | contact-form-7-campaign-monitor-extension |
| Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | bit-form |
| Contact Form to Any API | contact-form-to-any-api |
| Crowdsignal Dashboard – Polls, Surveys & more | polldaddy |
| CSS JS Files | css-js-files |
| CubeWP Forms – All-in-One Form Builder | cubewp-forms |
| Daily Prayer Time | daily-prayer-time-for-mosques |
| Directory Listings WordPress plugin – uListing | ulisting |
| Download Monitor | download-monitor |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
| Easy Mega Menu Plugin for WordPress – ThemeHunk | themehunk-megamenu-plus |
| Easy PayPal Events | easy-paypal-events-tickets |
| Elementor Addons by Livemesh | addons-for-elementor |
| ElementsKit Elementor addons | elementskit-lite |
| ElementsReady Addons for Elementor | element-ready-lite |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| EU/UK VAT Manager for WooCommerce | eu-vat-for-woocommerce |
| Event Manager, Events Calendar, Tickets, Registrations – Eventin | wp-event-solution |
| Fluent Support – Helpdesk & Customer Support Ticket System | fluent-support |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Garden Gnome Package | garden-gnome-package |
| GEO my WP | geo-my-wp |
| GF Custom Style | gf-custom-style |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) | graphicsly |
| GTM Server Side | gtm-server-side |
| Gum Elementor Addon | gum-elementor-addon |
| GutenGeek Free Gutenberg Blocks for WordPress | gtg-advanced-blocks |
| Happy Addons for Elementor | happy-elementor-addons |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
| IdeaPush | ideapush |
| Instant Chat Floating Button for WordPress Websites | instant-chat-wp |
| JoomSport – for Sports: Team & League, Football, Hockey & more | joomsport-sports-league-results-management |
| Joy Of Text Lite – SMS messaging for WordPress. | |
| WordPress Plugin | bus-booking-manager |
| myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification | mycred |
| Newsletters | newsletters-lite |
| NiceJob | nicejob |
| Ninja Forms – The Contact Form Builder That Grows With You | ninja-forms |
| OneElements – Best Elementor Addons | oneelements-ultimate-addons-for-elementor |
| OSM – OpenStreetMap | osm |
| Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
| Pixel Cat – Conversion Pixel Manager | facebook-conversion-pixel |
| Podiant | podiant |
| Polls CP | cp-polls |
| Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin | mailoptin |
| Post Grid and Gutenberg Blocks | post-grid |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Premium Packages – Sell Digital Products Securely | wpdm-premium-packages |
| Primary Addon for Elementor | primary-addon-for-elementor |
| Prisna GWT – Google Website Translator | google-website-translator |
| Product Enquiry for WooCommerce, WooCommerce product catalog | enquiry-quotation-for-woocommerce |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| PWA for WP & AMP | pwa-for-wp |
| Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress | radio-player |
| Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit | wp-marketing-automations |
| REST API TO MiniProgram | rest-api-to-miniprogram |
| Restaurant & Cafe Addon for Elementor | restaurant-cafe-addon-for-elementor |
| Review & testimonial widgets | trustmary |
| Revolut Gateway for WooCommerce | revolut-gateway-for-woocommerce |
| Salon Booking System | salon-booking-system |
| Secure Copy Content Protection and Content Locking | secure-copy-content-protection |
| Seriously Simple Stats | seriously-simple-stats |
| Share This Image | share-this-image |
| ShiftController Employee Shift Scheduling | shiftcontroller |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Sight – Professional Image Gallery and Portfolio | sight |
| Simple Calendar – Google Calendar Plugin | google-calendar-events |
| Simple LDAP Login | simple-ldap-login |
| Simple Popup Plugin | simple-popup-plugin |
| Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) | sky-elementor-addons |
| Special Text Boxes | wp-special-textboxes |
| Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. | |

This Cyber News was published on www.wordfence.com. Publication date: Thu, 03 Oct 2024 16:13:06 +0000

