Wordfence Research and News

Category: WordPress Security

Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk

On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor.

28,000 GoDaddy Hosting Accounts Compromised

This is a public service announcement (PSA) from the Wordfence team regarding a security issue which may impact some of our customers.

Nearly a Million WP Sites Targeted in Large-Scale Attacks

Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data.

Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update

WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible.

High Severity Vulnerability Patched in Ninja Forms

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations.

High-Severity Vulnerabilities Patched in LearnPress

On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing ...

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin

On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites.

Critical Vulnerabilities Patched in MapPress Maps Plugin

On April 1, 2020, the Wordfence Threat Intelligence Team discovered two vulnerabilities in MapPress Maps for WordPress, a WordPress plugin with over 80,000 installations.

Unpatched High-Severity Vulnerability in Widget Settings Importer/Exporter Plugin

On March 12, 2020, our Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Widget Settings Importer/Exporter, a WordPress plugin with over 40,000 installations.

Vulnerability Patched in Accordion Plugin

A few weeks ago, our Threat Intelligence team discovered a vulnerability in Accordion, a WordPress plugin installed on over 30,000 sites.