An important security update has been released for the WordFence Security Plugin in Version 6.0.22. The security update fixes an XSS vulnerability that was reported by Matt Rusnak.

We have attempted to automatically upgrade all of our customers to the newest version of WordFence. You can verify that you’re running the latest version of WordFence Security on the Plugins page in your WordPress dashboard. We also added this security threat to our security scanner so anyone who begins using VaultPress after today will be notified of this threat.

If you have a site using WordFence but do not have VaultPress installed, you can protect yourself by upgrading under Dashboard → Updates in your WordPress dashboard.

As always, if you have any questions, drop us a line!