Wordfence Research and News

Revslider, MailPoet, GravityForms Exploits Bypass Cloudflare WAF

Update: We have received reports from a plugin vendor that there may be some confusion about whether or not the plugins referred to in this post are still vulnerable.

Interview with Security Researcher Pan Vagenas

At Wordfence I’m really proud of the team we have. Our team are all amazing people who work hard every day to help secure WordPress websites.

Top 50 Most Attacked WordPress Plugins This Week

Last week we shared the top 20 most attacked WordPress themes and an explanation of why many of them are targeted.

404 to 301 Plugin Considered Harmful

Yesterday we received a site cleaning request where one of our customers was seeing spammy links, Payday Loans in this case, injected into their WordPress website page content.

Panama Papers: Email Hackable via WordPress, Docs Hackable via Drupal

The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails.

Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause

Update: We have written a follow-up post on how an attacker may have moved laterally on the network from WordPress into the email server.