On April 26th, 2024, we received a submission for an authenticated PHP Object Injection vulnerability in Uncanny Automator, a WordPress plugin with more than 50,000 active installations. This vulnerability can be leveraged via an existing POP chain present in the…
Tag: Blog – Wordfence
82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
On May 4th, 2025, we received a submission for an Arbitrary File Upload vulnerability in TheGem, a WordPress theme with more than 82,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary…
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 28, 2025 to May 4, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin
On April 6th, 2025, we received a submission for an Arbitrary File Read vulnerability in Eventin, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to read arbitrary files on the…
Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation
On May 2nd, 2025 the Wordfence Threat Intelligence team added a new critical vulnerability to the Wordfence Intelligence vulnerability database in the OttoKit: All-in-One Automation Platform (Formerly SureTriggers) plugin publicly disclosed by a third-party CNA on April 30th, 2025. This…
WordPress Security Research Series: Setting Up Your Research Lab
Welcome to Part 3 of the WordPress Security Research Beginner Series! If you haven’t yet, take a minute to check out the series introduction to get a sense of what this series is all about. You’ll also want to catch…
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 21, 2025 to April 27, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
Wordfence: The World’s Leading Quality WordPress Vulnerability Intelligence Provider
Today, we’re examining Wordfence’s vulnerability data for 2024 and 2025, and comparing it to other WordPress Certified Numbering Authorities (CNAs) and vulnerability data providers. This report will demonstrate why Wordfence is the undisputed leader in WordPress vulnerability intelligence and WordPress…
Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin
The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin, often with the name ‘WP-antymalwary-bot.php’, and contains several functions that allow attackers to maintain access to your site,…
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …