Wordfence Research and News

Category: Research

Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access

On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites.

High Severity Vulnerability Patched in Ninja Forms

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations.

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin

On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites.

Multiple Attack Campaigns Targeting Recent Plugin Vulnerabilities

As part of our ongoing research efforts, the Wordfence Threat Intelligence team continually monitors our network for noteworthy threats facing WordPress.

WP-VCD Evolves To Remain Most Prevalent WordPress Infection

Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory.

WP-VCD: The Malware You Installed On Your Own Site

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD.

Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins

In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem.

Malicious WordPress Redirect Campaign Attacking Several Plugins

Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities.

Recent WordPress Vulnerabilities Targeted by Malvertising Campaign

The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads.

Critical Vulnerability Patched in Ad Inserter Plugin

Description: Authenticated Remote Code Execution
Affected Plugin: Ad Inserter
Affected Versions: <= 2.4.21
CVSS Score: 9.9 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites.