Wordfence 2015 Update and Three Plugin Vulnerabilities You Should Know About
2015 is going to be an exciting year for WordPress publishers. WordPress growth continues to accelerate and the focus this year is on security. The large install base that WordPress has makes it a very attractive target for hackers to find and exploit zero day vulnerabilities.
At Wordfence we are working hard to continue providing protection, early detection and excellent site performance when you install Wordfence on your WordPress website. To that end we now have two US based customer service representatives, Tim and Brian, dedicated to our open source forums who are providing a high level of support to our free customers and continue to give our paid customers priority in our Premium ticketing system. We also have a new Wordfence core developer, Matt based out in Maine, who has already started to check in his first few improvements. Wordfence has some exciting product announcements due later this quarter so watch this space.
Now on to business. Unfortunately cybersecurity did not take a break over the holiday season and so here is a quick roundup of the most important current vulnerabilities we’re tracking and that you should be aware of:
- The popular Pods content development framework for WordPress has a XSS and CSRF vulnerability. This was fixed in version 2.5 which was released on 30 December. Please upgrade immediately. (plugin is popular with over 200,000 downloads)
- The cformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload. Please upgrade immediately to version 14.8 which contains a fix if you’re using this plugin. (plugin has approximately 20,000 downloads)
- The Banner Effect Header plugin has a XSS and CSRF vulnerability . This has been fixed in version 1.2.7 so upgrade if you’re using this plugin. (plugin has approximately 20,000 downloads)
Please upgrade immediately if you are using any of these plugins.
Wishing you a prosperous 2015!
~The Wordfence Team
Comments
11:53 am
Thanks a lot for all the information. It is really helpfull !!!!
11:54 am
Thank You! So happy to have found you last year. More and more of my web design and maintenance clients are expressing concern about their websites and I can tell them that we are using the best WP security plugin available.
Happy New Year!
Jeff @ NicholsWebManagement.com
12:07 pm
Just promise to keep the code clean and light.
Please Please Please do not go down the road of code/feature bloat like that "other" plugin!!!
Thanks :-)
12:27 pm
Thanks guys for keeping all of us in the loop! Awesome ... have a great 2015
12:35 pm
Mark, you and your team are nothing less than fantastic! Thanks for keeping us all in the loop with your terrific information. We all count on you more than you might know:-) mark
12:40 pm
Thank you so much! It's a comfort to know you're so on top of it!
12:47 pm
I only recently discovered your plugin- unfortunately after I was already hacked and had malware installed on my sites - which I'm still trying to sort. But I'm glad that your plugin is already thwarting additional attacks daily and I will certainly be recommending you to others! Thanks for having a free version for us micro businesses/personal bloggers.
12:57 pm
Just installed word fence so I appreciate these updates, keep up the good work.
Simon
12:57 pm
You guys rock! Wish I could afford the paid version, but what you give back to the WP community, even in the free version, is amazing. Other developers should take note and follow your lead. Thanks again for all your hard work and great product, and hope everyone there has an awesome 2015!
-- B
1:22 pm
It's true, even the free version is awesome. Lately hackers have been constantly trying to get into my site, as I see whenever I checked my blocked IPs. But I don't even have to think or worry about it, because Wordfence takes care of it. :)
4:40 pm
A BIG THANKS to you and your team!
Your free version is such a fabulous gift to the Wordpress community.
You deserve Mega success!
5:03 pm
Really appreciate the effort you have extended and look forward to upgrade soon
7:07 pm
Just discovered the Banner Effect Header Plugin causing a redirect on a friend's site.
Thanks for the update!
12:27 am
Worfence rocks! Great job!
4:43 am
Thank you for keeping us up to date.... I keep recommending your plugin because of the great work you do.
7:54 am
Thank you for letting all of us know, glad we are not using any of those. Keep up the good work!
6:15 pm
In early December, my recently launched wordpress based theater review website was the target of DDOS attacks and various other malfeasances. Wordfence was recommended by my host provider and since the day i installed it I've not had any site outages due to the bad guys...plus i installed the falcon engine which rocks! I was able to dial my server and cpu resources down to a minimum while still speeding up my site load times. I went with the paid version right away. excellent job!
12:41 am
Wow, thanks for the great feedback! Glad we could help Jack.
Regards,
Mark Maunder - Wordfence Founder.