Wordfence · Wordfence · CVE-2019-9669
**Name of the Vulnerable Software and Affected Versions**
Wordfence plugin version 7.2.3
**Description**
The issue concerns a potential XSS attack vector in the Wordfence plugin for WordPress. However, it has been noted that this may not be considered a valid vulnerability within the context of the Wordfence WordPress plugin, as the firewall rules are maintained on vendor servers and pushed to the plugin without versioning. Bypassing a WAF rule does not necessarily make a WordPress site vulnerable in terms of software vulnerabilities.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.