Wordfence Research and News

Category: WordPress Security

The NoneNone Brute Force Attacks: Even Hackers Need QA

For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period.

Reflected XSS in PageLayer Plugin Affects Over 200,000 WordPress Sites

On November 4, 2020, the Wordfence Threat Intelligence team found two reflected Cross-Site Scripting (XSS) vulnerabilities in PageLayer, a WordPress plugin installed on over 200,000 sites.

WordPress 5.6 Introduces a New Risk to Your Site: What to Do

WordPress 5.6, the final major release planned for 2020, comes out today, on December 8, 2020.

PHP 8: What WordPress Users Need to Know

PHP 8.0 is set to be released on November 26, 2020.

Wordfence Site Cleaning Guarantee Extended to 1 Year

Today, we’re pleased to announce that all customers of Wordfence site cleaning services receive a 1-year clean site guarantee.

Large-Scale Attacks Target Epsilon Framework Themes

On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites.

Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin

On October 23, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites.

Object Injection Vulnerability in Welcart e-Commerce Plugin

On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan.

Unpacking the WordPress 5.5.2/5.5.3 Security Release

On Thursday, October 29, the WordPress core team released WordPress version 5.5.2.

Emergency WP 5.5.3 Release

The WordPress core team has released an emergency release of WordPress 5.5.3, just one day after the release of version 5.5.2.