On May 15th, 2025, we received a submission for an Arbitrary File Upload vulnerability in MasterStudy LMS Pro, a WordPress plugin with more than 15,000 estimated active installations. The MasterStudy Education WordPress theme from ThemeForest with more than 21,000 sales…
Tag: Blog – Wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 12, 2025 to May 18, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
Sophisticated & Stealthy Formjacking Malware Targets E-Commerce Checkout Pages
The Wordfence Threat Intelligence team recently uncovered a sophisticated formjacking malware targeting WooCommerce sites. This malware injects a fake payment form into legitimate checkout processes and exfiltrates sensitive customer data to a remote Command & Control (C2) server. Unlike traditional…
22,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Motors WordPress Theme
On May 2nd, 2025, we received a submission for a Privilege Escalation vulnerability in Motors, a WordPress theme with more than 22,000 sales. This vulnerability makes it possible for an unauthenticated attacker to change the password of any user, including…
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 5, 2025 to May 11, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin
On March 29th, 2025, we received a submission for a Remote Code Execution vulnerability in UiPress lite, a WordPress plugin with over 10,000 active installations. This vulnerability can be leveraged to execute code remotely, which makes it possible for attackers…
50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin
On April 26th, 2024, we received a submission for an authenticated PHP Object Injection vulnerability in Uncanny Automator, a WordPress plugin with more than 50,000 active installations. This vulnerability can be leveraged via an existing POP chain present in the…
82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
On May 4th, 2025, we received a submission for an Arbitrary File Upload vulnerability in TheGem, a WordPress theme with more than 82,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary…
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 28, 2025 to May 4, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin
On April 6th, 2025, we received a submission for an Arbitrary File Read vulnerability in Eventin, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to read arbitrary files on the…