WordPress Plugin Exploit Alert: Wordfence Security


Secunia has reported a XSS vulnerability in WordPress security plugin Wordfence Security, which can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability affects versions 3.3.5 and prior, and has been patched in the latest version (3.3.7).  If you’re using this plugin, please update ASAP

The vulnerability was discovered by Eugene Dokukin aka MustLive.

See Also

XSS and IAA vulnerabilities in Wordfence Security for WordPress

Secunia Advisories release 15 – 20 daily security alerts compiled by IT experts. Sign up to receive third party software and Windows security alerts.