Demos
Learn about ChatGPT, an AI-powered program that can understand human language and have conversations like another human being. It can be integrated into the WordPress CM Tooltip Glossary plugin, providing automatic definitions, double-click definitions, customization options, and caching of results. Discover how to start using it and explore its potential in other applications, such as […]
Monthly Archives: February 2023
Plugins, Wordpress
The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common
28
Feb
Feb
The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report were the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress core, a total of 2,370 vulnerabilities were reported in 2022. The top five vulnerability categories […]
28
Feb
Feb
We all need a little inspiration boost every now and again. Maybe your secret is to go for a walk, have a chat with a friend, or listen to your favorite playlist. Whatever it might be that refuels your creative batteries, our new collection of desktop and mobile wallpapers could help, too. To bring you […]
PNG and JPG have always been the go-to image file formats for WordPress. However, there’s now a growing list of next-gen formats like AVIF and WebP to compete with them. If you’re just discovering them, you might not know what these formats are or which is best for your needs. In this post, we’ll take […]
Plugins, Standard posts
Meet Penpot, An Open-Source Design Platform Made For Designers And Developers Alike
28
Feb
Feb
This article is a sponsored by Penpot The world of developer tools lives and breathes open-source. Open, free programming languages, frameworks, or even code editors everyone can contribute to — lay at the heart of the premise of the free, open web. Yet, with the design tools, it’s always been a much different story. For […]
Plugins, Standard posts, Themes, Wordpress
PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money
27
Feb
Feb
On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email claimed that the site had been hacked due to a vulnerability on the site. The […]
27
Feb
Feb
Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising […]
Plugins, Standard posts, Themes, Wordpress
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
27
Feb
Feb
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference, Cross-Site Request Forgery as well as Cross-Site Scripting in versions up to, and […]
Plugins, security, Wordpress
High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
27
Feb
Feb
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The vulnerability, an unauthenticated stored cross-site scripting vulnerability, is arguably the most dangerous variant […]
Plugins, security, Wordpress
Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
27
Feb
Feb
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using […]
27
Feb
Feb
Wordfence 7.9.0 has been released and it includes a very exciting feature for WooCommerce sites and other WordPress sites wanting to make two factor authentication (2fa) available to their site users or members. Wordfence 7.9.0 now lets you give your users the ability to configure 2fa on their profile pages. For WooCommerce websites, by enabling […]
Plugins, security, Wordpress
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
27
Feb
Feb
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using […]
27
Feb
Feb
The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues. More specifically, we have been seeing an increase in Missing Authorization vulnerabilities that are fixed using tools intended for addressing Cross-Site Request Forgery, which are two independently fixable vulnerability types that […]
Plugins, security, Wordpress
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)
27
Feb
Feb
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and […]
Plugins, Standard posts, Themes, Wordpress
All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched
27
Feb
Feb
On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine optimization tools designed to help content creators optimize their sites and reach more users. Both reported issues were Stored Cross-Site Scripting vulnerabilities with one of […]