Critical Vulnerability Patched in External Media Plugin

May 13, 2021

On February 2, 2021, our Threat Intelligence team responsibly disclosed the details of a vulnerability in External Media, a WordPress plugin used by over 8,000 sites. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could be used to achieve remote …

Widespread Attacks Continue Targeting Vulnerabilities in The Plus Addons for Elementor Pro

April 19, 2021

Over the past 10 days, Wordfence has blocked over 14 million attacks targeting Privilege Escalation Vulnerabilities in The Plus Addons for Elementor Pro on over 75% of sites reporting attacks during this period. By April 13, 2021, this campaign was targeting more sites than all other campaigns put together. Number of sites attacked per day …

Ten Password Mistakes That Could Get Your WordPress Site Hacked

April 7, 2021

A few months ago on Wordfence Live, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. From these common hacks, we have many cautionary tales of site security that could have been prevented by …

One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms

February 16, 2021

On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites. One of these flaws made it possible for attackers to redirect site administrators to arbitrary locations. The second flaw made it possible for attackers with subscriber level access or above to …

Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style

February 4, 2021

On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites. Please note that this is a separate plugin from “Contact Form 7” and is designed as an add-on to that …

Episode 102: Disruption Presents Opportunity

January 29, 2021

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in a simulation, cryptocurrencies and the opportunities of blockchain technology, open source communities and publishing, avoiding scams and …

Who Attacked SolarWinds and Why WordPress Users Need to Know

December 24, 2020

Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced certifications, including OSCP and OSWE, which are 24- and 48-hour exams respectively that require hands-on …

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

December 18, 2020

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations, fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update …

WordPress 5.6 Introduces a New Risk to Your Site: What to Do

December 8, 2020

WordPress 5.6, the final major release planned for 2020, comes out today, on December 8, 2020. It includes a few major features and updates, as well as a huge number of minor enhancements and bug fixes. A few changes have immediate implications for security and compatibility which we’ve highlighted in this post for WordPress users. …

Episode 95: Critical Privilege Escalation Vulnerabilities Affect Over 100K WordPress Sites

November 13, 2020

Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this means for WordPress sites using page builders or Gutenberg. Microsoft warns against using telephone/SMS-based multi-factor …