Security Alerts

Wordfence Security Alert: Elementor Plugin Vulnerability Dec 6th 2023

On December 6, 2023, Wordfence identified a security concern within Elementor, a widely-used WordPress plugin with almost 9 million installations. Our team observed a changelog entry for Elementor version 3.18.1, revealing a partial patch for a vulnerability we hadn’t initially discovered.Swiftly responding, we deployed a firewall rule to safeguard Wordfence Premium, Wordfence Care, and Wordfence…

XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin

On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious…