Episode 107: Two Plugin Vulnerabilities Target File Upload Capabilities

March 5, 2021

The Wordfence Threat Intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new robots.txt API, and a stay of execution on jQuery-migrate. A zero day affecting Microsoft Exchange …

Wordfence vs. Sucuri: Which One Is Best for Your WordPress Website?

November 13, 2024

Choosing the right security plugin can make all the difference in fortifying your website against malicious attacks, data breaches, and other hidden vulnerabilities. Finding the plugin that checks off all your requirements can be a daunting task. You need to carefully examine features, assess the customer support, and understand how each plugin handles security challenges…

WordPress Database Scanning For Malware Released in Wordfence CLI 5.0.1

November 12, 2024

Today we’re excited to announce the recent release of Wordfence CLI version 5.0.1. Now you can scan any WordPress database you have access to for malware and spamvertising with the new db-scan feature. If you are managing many WordPress sites at the server level, the Wordfence CLI is a must-have.

Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress

November 5, 2024

The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from tampering, and to store them for your analysis.

Audit Log

November 4, 2024

The Wordfence Audit Log is a premium feature that records a history of events on your site to assist in monitoring for unauthorized actions or signs of compromise. Events can include everything from user creation and editing to plugin/theme installation and updates. All data captured for relevant events is saved remotely to Wordfence Central to prevent any tampering that may interfere with post-incident analysis and response.

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin

September 24, 2024

On August 28th, 2024, we received a submission for a Privilege Escalation via Account Takeover vulnerability in WCFM – WooCommerce Frontend Manager, a WordPress plugin with more than 20,000 active installations. This vulnerability makes it possible for an authenticated attacker to change the email of any user, including an administrator, which allows them to reset the password and take over the account and website.

Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

September 10, 2024

On August 14th, 2024, we received a submission for a Privilege Escalation vulnerability in Post Grid and Gutenberg Blocks, a WordPress plugin with over 40,000 active installations. This vulnerability can be leveraged by attackers with minimal authenticated access to set their role to administrator utilizing the form submission functionality.

7,000 WordPress Sites Affected by Privilege Escalation Vulnerability in ProfileGrid WordPress Plugin

July 9, 2024

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are …

WordPress Security Research Series: WordPress Request Architecture and Hooks

July 1, 2024

Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, it’s critical to understand the underlying request architecture. WordPress is …

An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack

June 27, 2024

On Monday, June 24th, 2024, the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our Threat Intelligence Database and examining it, we quickly discovered …