Wordfence Research and News

Ninja Forms Shell Upload Vulnerability – Very High Risk

A few times a year we see very bad vulnerabilities come along.

Major Vulnerability in Freshdesk – Results from a recent Wordfence Red Team Exercise

Wordfence recently conducted a red team exercise on our own network.

Announcing a new Firewall, a Threat Defense Feed and a New Approach

This morning at 9am Pacific time we rolled out a new kind of firewall to over 1 Million active WordPress websites.

Panama Papers: Email Hackable via WordPress, Docs Hackable via Drupal

The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails.

Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause

Update: We have written a follow-up post on how an attacker may have moved laterally on the network from WordPress into the email server.

Vulnerability in User Role Editor – Users Can Become Admins

There is a major vulnerability in a popular plugin with over 300,000 active installs: User Role Editor 4.24 and older.

Get Rid of Data to Help Secure It

Last week I spent some time chatting with Mike Dahn, who is the co-founder of the BSides information security conferences globally.

A Backdoored WordPress Plugin and 3 Additional Vulnerabilities

We have several plugin vulnerabilities we’d like to bring to your attention this week.

The Crypto Wars – How We Arrived at Apple vs United States

This week our team is in San Francisco attending the RSA 2016 Security conference.

WordPress-Delivered Ransomware and Hacked Linux Distributions

In a rather unfortunate turn of events earlier this month, the Hollywood Presbyterian Medical Center was infected with ransomware.