Wordfence Research and News

Blog icon
Category: WordPress Security
Post title on background showing lit matches

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers.
post title on background showing laptop

GoDaddy Breached – Plaintext Passwords – 1.2M Affected

There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers.

WooCommerce Extension – Reflected XSS Vulnerability

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post title on background showing stacked blocks with hand pulling out red block

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites.
Post Title on background showing paper being shredded

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post Title teaser on background showing ripped black and red posterboard

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.

1,000,000 Sites Affected by OptinMonster Vulnerabilities

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
Post title on background showing flames

Site Deletion Vulnerability in Hashthemes Plugin

Update: a previous version of this article incorrectly indicated that this vulnerability could be used for site takeover, we have updated this for accuracy, as the impact is instead complete loss of site content.

Vulnerability Patched in Sassy Social Share Plugin

Update: This article has been updated for accuracy: while we initially did create a rule to block this vulnerability we later found that the vulnerability was already blocked by an existing rule. 
Multiple Vulnerabilities in a Page Builder plugin put 90000 sites at risk

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.