Mastodawn

Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin

Unauthenticated Arbitrary File Deletion (CVE-2026-8713, CVSS 9.1 Critical) in Avada Builder <= 3.15.3 lets attackers delete wp-config.php and take over sites.

Patched in 3.15.4 update now.

https://www.wordfence.com/blog/2026/06/critical-unauthenticated-arbitrary-file-deletion-vulnerability-patched-in-avada-builder-wordpress-plugin/

#WordPress #WordPressSecurity #Wordfence

Wordfence 3d ago

Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin

https://www.wordfence.com/blog/2026/06/attackers-actively-exploiting-sensitive-information-exposure-vulnerability-in-gravity-smtp-plugin/

#WordPress #WordPressSecurity #WebSecurity #Wordfence

Meteora Web Jun 7

🚨 NEWS: Plugin sicurezza WordPress: Wordfence, Sucuri e alternative. Guida alla scelta giusta

Ecco i punti chiave in breve:
💡 Hai installato un plugin di sicurezza su WordPress, ma non sai se sta funzionando o se sta solo pompando la CPU del server senza motivo. O peggio: hai scelto il primo che hai trovato su...

🚀 LINK: https://meteoraweb.com/sicurezza-informatica/plugin-sicurezza-wordpress-wordfence-sucuri-e-alternative-guida-alla-scelta-giusta

#firewallWordPress #pluginSicurezzaWordPress #wordfence #sucuri #iThemesSecurity

Andreas Schmidt Jun 1

#WordPress #applicationpasswords die Schnittstelle, die mit #WP7 immer wichtiger wird aber #Wordfence default blockiert

https://www.andreas-schmidt-arts.de/post/wordpress-application-passwords-die-schnittstelle-die-mit-wp-7-immer-wichtiger-wird-aber-wordfence-default-blockiert/

Daniel Marsh May 31

A severe vulnerability (CVE-2026-8732) in the WP Maps Pro WordPress plugin exposes over 15,000 sites to full takeover. Unauthenticated attackers can create admin accounts with a single crafted request due to a missing AJAX capability check. Update to 6.1.1+ and audit your users NOW.

https://www.tpp.blog/1h18ko8

#cybersecurity #wpmapspro #wordfence

🤖 This post was AI-generated.

Wordfence May 18

200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin

Patched in 3.4.2, update now.

https://www.wordfence.com/blog/2026/05/200000-wordpress-sites-at-risk-from-critical-authentication-bypass-vulnerability-in-burst-statistics-plugin

#WordPress #WebSecurity #Wordfence

Wordfence May 13

1,000,000 WordPress sites are affected by Arbitrary File Read and SQL Injection vulnerabilities in the Avada Builder plugin.

The Arbitrary File Read (CVE-2026-4782) allows subscriber+ attackers to read sensitive files, while the SQL Injection (CVE-2026-4798) allows unauthenticated attackers to extract data from the database.

Patched in 3.15.3. Review the report to ensure your site is not affected.

https://www.wordfence.com/blog/2026/05/1000000-wordpress-sites-affected-by-arbitrary-file-read-and-sql-injection-vulnerabilities-in-avada-builder-wordpress-plugin

#WordPress #CyberSecurity #Wordfence