Wordfence Research and News

Category: Research

WordPress Malware Camouflaged As Code

In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware.

2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan

Wordfence has collaborated with WPScan to conduct a 2021 mid-year review on the state of WordPress security.

Multiple Vulnerabilities Patched in WordPress Download Manager

On May 4, 2021, the Wordfence Threat Intelligence Team initiated the responsible disclosure process for WordPress Download Manager, a WordPress plugin installed on over 100,000 sites.

Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin

On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites.

Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers

The Wordfence site cleaning team helps numerous customers recover from malware infections and site intrusions.

Cross-Site Request Forgery Patched in WP Fluent Forms

On March 2, 2021, the Wordfence Threat Intelligence team responsibly disclosed a Cross-Site Request Forgery (CSRF) vulnerability in WP Fluent Forms, a WordPress plugin installed on over 80,000 sites.

High Severity Vulnerability Patched in WooCommerce Stock Manager Plugin

On May 21, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in WooCommerce Stock Manager, a WordPress plugin installed on over 30,000 sites.

Malicious Attack Campaign Targeting Jetpack Users Reusing Passwords

The Wordfence Threat Intelligence and Site Cleaning teams have been tracking a malware campaign that redirects all site visitors to malvertising domains, while attempting to keep site administrators unaware of the infection.

Critical 0-day in Fancy Product Designer Under Active Attack

Update: A patched version of Fancy Product Designer, 4.6.9, is now available as of June 2, 2021.

Severe Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin

On April 8, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities discovered in Simple 301 Redirects by BetterLinks, a WordPress plugin installed on over 300,000 sites.