High Severity Vulnerability Patched in Access Demo Importer Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 9, 2021, the Wordfence Threat Intelligence team...
View ArticleMultiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team...
View ArticleVulnerability Patched in Sassy Social Share Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. In 2010, Steffan Esser gave a presentation in Las Vegas that...
View ArticleSite Deletion Vulnerability in Hashthemes Plugin
Update: a previous version of this article incorrectly indicated that this vulnerability could be used for site takeover, we have updated this for accuracy, as the impact is instead complete loss of...
View Article1,000,000 Sites Affected by OptinMonster Vulnerabilities
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence Threat Intelligence team...
View ArticleXSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts...
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team...
View ArticleVulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page...
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 27, 2021, the Wordfence Threat Intelligence...
View ArticleOver 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin
On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The...
View ArticleWooCommerce Extension – Reflected XSS Vulnerability
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021 the Wordfence Threat Intelligence team...
View ArticleClik here to view.
GoDaddy Breached – Plaintext Passwords – 1.2M Affected
This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their...
View ArticleClik here to view.
GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart...
Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were...
View ArticleClik here to view.
AWS Attacks Targeting WordPress Increase 5X
The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting...
View ArticleXSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team...
View ArticleAuthentication Bypass Vulnerability Patched in User Registration Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team...
View ArticleClik here to view.
1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From...
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable...
View ArticleWordPress 5.8.3 Security Release
On January 6, 2022, the WordPress core team released WordPress version 5.8.3, which contains security patches for 4 high-severity vulnerabilities. These patches were backported to every version of...
View Article84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability
On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed...
View ArticleUnauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin
On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a...
View ArticleClik here to view.
Announcing Wordfence Care and Wordfence Response
Today I’m incredibly excited to announce that we are launching two new products: Wordfence Care and Wordfence Response. Let’s start with a fun animation that explains our new product suite! In the post...
View ArticleCritical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on...
View Article