Clik here to view.
High Severity Vulnerability Patched in Download Manager Plugin
On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over...
View ArticleCross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping...
On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a...
View ArticleClik here to view.
Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship...
View ArticleClik here to view.
Ukrainian Website Threat Landscape Throughout 2022
The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022,...
View ArticleClik here to view.
Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders
This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. I’d like to tell...
View ArticleClik here to view.
Analyzing Attack Data and Trends Targeting Ukrainian Domains
As we continue to monitor the cyber situation in Ukraine, the data we are seeing shows some interesting trends. Not only has the volume of attacks continued rising throughout the war in Ukraine, the...
View ArticleWordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as...
View ArticlePSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has...
View ArticlePSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild
On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway...
View Article--- Article Not Found! ---
*** *** *** RSSing Note: Article is missing! We don't know where we put it!!. *** ***
View Article--- Article Not Found! ---
*** *** *** RSSing Note: Article is missing! We don't know where we put it!!. *** ***
View ArticleClik here to view.
Spikes in Attacks Serve as a Reminder to Update Plugins
The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing...
View ArticleClik here to view.
Wordfence Launches Free Vulnerability Database For Commercial Use – And...
Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security...
View ArticleHow Much is Your Hacked Site Worth?
The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services. While...
View ArticleClik here to view.
Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata
In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a...
View ArticlePSA: YITH WooCommerce Gift Cards Premium Plugin Exploited in the Wild
The Wordfence Threat Intelligence team has been tracking exploits targeting a Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000...
View ArticleEleven Vulnerabilities Patched in Royal Elementor Addons
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000...
View ArticleClik here to view.
Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells
Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes...
View ArticleThe Wordfence 2022 State of WordPress Security Report
Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze...
View ArticleMultiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on...
View Article