ALERT: Wordfence Security XSS Vulnerability Discovered

wordfence security

If you’re using the Wordfence Security plugin on your WordPress blog or website, be advised that an update was just released an hour ago to address a recently discovered XSS vulnerability.

I’ve checked the official Wordfence blog to learn more about the details of the vulnerability but it seems that they haven’t posted about it yet. However, they did post an alert on their Twitter account:

Not sure how long the XSS vulnerability has been around but it’s good to know that the folks at Wordfence Security were quick to address the issue and release an updated version that patches the vulnerability. They also took an extra step of preventing the vulnerability from being exploitable from their servers so that users won’t be vulnerable. I will update this post if I find out more details about the vulnerability.

To update your current Wordfence Security plugin, you can do it via the WordPress admin interface – Dashboard > Updates. Select Wordfence Security and click Update Plugins. If you want to update manually, you can download the latest version of Wordfence Security from the official WordPress Plugins repository and upload it via FTP.

Better safe than sorry folks! If you have this plugin on your personal blog/site or on several sites that you manage, make sure that you take the time to upgrade ASAP to avoid having your site/s being compromised and avoiding problems.

JP Habaradas

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.
View All Articles

Leave a Reply

Your email address will not be published.