I just registered my first CVE. Here is the background story.
One of our goals at OP Innovate is to protect our clients and partners at all times. During a recent penetration testing engagement, the testing scope included a WordPress website. So I decided to channel some effort into WordPress plugins where a vulnerability could potentially affect millions of users. One of the plugins I found was Wordfence.
Wordfence is a firewall and security scanner, and it is considered to be a leader in WordPress security. It has over 4 million active installations.
After reviewing the different functionalities of the plugin, I was drawn to a certain field in the management page of the firewall.
Guess what? It works!
I quickly informed the Wordfence team about my finding and they responded immediately, releasing an update within 24 hours. Their quick remediation ensured that this vulnerability no longer affects millions of their users.
Wordfence reached out to NVD who issued a new CVE – My first CVE