Critical Vulnerabilities Patched in MapPress Maps Plugin
On April 1, 2020, the Wordfence Threat Intelligence Team discovered two vulnerabilities in MapPress Maps for WordPress, a WordPress plugin with over 80,000 installations. One vulnerability that allowed...
View ArticleClik here to view.
High Severity Vulnerability Patched in Real-Time Find and Replace Plugin
On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject...
View ArticleHigh-Severity Vulnerabilities Patched in LearnPress
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their...
View ArticleHigh Severity Vulnerability Patched in Ninja Forms
On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This...
View ArticleUnpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update
WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the...
View ArticleClik here to view.
Nearly a Million WP Sites Targeted in Large-Scale Attacks
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to...
View Article28,000 GoDaddy Hosting Accounts Compromised
This is a public service announcement (PSA) from the Wordfence team regarding a security issue which may impact some of our customers. On May 4, 2020, GoDaddy, one of the world’s largest website...
View ArticleCombined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1...
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log...
View ArticleClik here to view.
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million...
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both...
View ArticleClik here to view.
One Attacker Outpaces All Others
Starting April 28th, we saw a 30 times increase in cross site scripting attack volume, originating from a single attacker, and targeting over a million WordPress sites. We published research detailing...
View ArticleClik here to view.
Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access
On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of...
View ArticleClik here to view.
The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take...
On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being...
View ArticleClik here to view.
High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000...
A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over...
View ArticleClik here to view.
Large Scale Attack Campaign Targets Database Credentials
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The...
View ArticleWordPress 5.4.2 Patches Multiple XSS Vulnerabilities
WordPress Core version 5.4.2 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the...
View ArticleMalware Detection: Measuring Recall to Catch Them All
At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence...
View ArticleCritical Vulnerabilities Patched in Adning Advertising Plugin
On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers. We eventually discovered 2...
View ArticleXSS Flaw Impacting 100,000 Sites Patched in KingComposer
On June 15, 2020, our Threat Intelligence team was made aware of a number of access control vulnerabilities that had recently been disclosed in KingComposer, a WordPress plugin installed on over...
View ArticleClik here to view.
2 Million Users Affected by Vulnerability in All in One SEO Pack
On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with...
View ArticleHigh Severity Vulnerability Patched in TC Custom JavaScript
On June 12, 2020, Wordfence Threat Intelligence discovered an unauthenticated stored Cross-Site Scripting(XSS) vulnerability in TC Custom JavaScript, a WordPress plugin with over 10,000 installations....
View Article