If you’re using the Wordfence Security plugin on your WordPress blog or website, be advised that an update was released an hour ago to address a recently discovered XSS vulnerability.
I’ve checked the official Wordfence blog to learn more about the details of the vulnerability but it seems that they haven’t posted about it yet. However, they did post an alert on their Twitter account:
Wordfence 6.0.22 is out. Important release. Please update asap Get your security on at https://t.co/jfGFkuIq4M
— Wordfence (@wordfence) December 9, 2015
Not sure how long the XSS vulnerability has been around but it’s good to know that the folks at Wordfence Security were quick to address the issue and release an updated version that patches the vulnerability. They also took an extra step of preventing the vulnerability from being exploitable from their servers so that users won’t be vulnerable. I will update this post if I find out more details about the vulnerability.
To update the Wordfence Security plugin from the WordPress admin interface, go to Dashboard > Updates, select Wordfence Security and click Update Plugins. To update manually, download the latest version of Wordfence Security from the official WordPress Plugins repository and upload it via FTP.
Better safe than sorry, folks! If you have this plugin on your personal blog/site or on several sites that you manage, make sure that you take the time to upgrade ASAP to keep your site(s) from being compromised and to avoid problems.
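For anyone managing several sites, here is one way to confirm that each install has reached 6.0.22. This is an added example, not code from the original post or from Wordfence. It assumes the plugin's main file sits at wp-content/plugins/wordfence/wordfence.php under each WordPress root, and the make_sample_site helper only writes constructed test data.

```shell
#!/bin/sh
# Added example: report which WordPress installs still run a Wordfence release
# older than 6.0.22 (the version named in the tweet above).
# Assumption: the plugin's main file is wp-content/plugins/wordfence/wordfence.php.

FIXED_VERSION="6.0.22"

# Read the "Version:" field from a WordPress plugin header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed when version $1 is lower than $2, comparing field by field as numbers
# (a plain string comparison would rank 6.0.9 above 6.0.22).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "STATUS VERSION PATH" for every WordPress root given as an argument.
audit_sites() {
    for root in "$@"; do
        file="$root/wp-content/plugins/wordfence/wordfence.php"
        if [ ! -f "$file" ]; then echo "NOT-INSTALLED - $root"; continue; fi
        ver=$(plugin_version "$file")
        if [ -z "$ver" ]; then echo "UNKNOWN - $root"
        elif version_lt "$ver" "$FIXED_VERSION"; then echo "OUTDATED $ver $root"
        else echo "OK $ver $root"
        fi
    done
}

# Constructed sample: write a minimal plugin header so the audit runs offline.
make_sample_site() {
    mkdir -p "$1/wp-content/plugins/wordfence"
    printf '<?php\n/*\nPlugin Name: Wordfence Security\nVersion: %s\n*/\n' "$2" \
        > "$1/wp-content/plugins/wordfence/wordfence.php"
}

# Usage: sh audit.sh /var/www/site1 /var/www/site2 (paths are placeholders)
if [ "$#" -gt 0 ]; then audit_sites "$@"; fi
```

Any site reported as OUTDATED or UNKNOWN still needs the update steps described above.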