Wordfence Research and News

Blog icon
Category: Research

The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks

On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites.

Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder

On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin.
Newsletter Plugin Feature Image

Newsletter Plugin Vulnerabilities Affect Over 300,000 Sites

On July 13, 2020, our Threat Intelligence team was alerted to a recently patched vulnerability in Newsletter, a WordPress plugin with over 300,000 installations.
High Severity Vulnerability Patched In TC Custom JavaScript feature image

High Severity Vulnerability Patched in TC Custom JavaScript

On June 12, 2020, Wordfence Threat Intelligence discovered an unauthenticated stored Cross-Site Scripting(XSS) vulnerability in TC Custom JavaScript, a WordPress plugin with over 10,000 installations.

2 Million Users Affected by Vulnerability in All in One SEO Pack

On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites.
XSS Flaw Impacting 100k Sites Patched in KingComposer Feature Image

XSS Flaw Impacting 100,000 Sites Patched in KingComposer

On June 15, 2020, our Threat Intelligence team was made aware of a number of access control vulnerabilities that had recently been disclosed in KingComposer, a WordPress plugin installed on over 100,000 sites.
Critical Vulnerabilities Patched in Adning Advertising Plugin Feature Image

Critical Vulnerabilities Patched in Adning Advertising Plugin

On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers.

Large Scale Attack Campaign Targets Database Credentials

Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files.

High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites

A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 sites.

The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites

On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites.