This site uses cookies in accordance with our Privacy Policy.
Search Results
Suggestions:
High-Severity Vulnerabilities Patched in LearnPress
April 28, 2020
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing …
Read More
Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin
April 7, 2020
On March 3, 2020, our Threat intelligence team discovered a number of vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These vulnerabilities allowed an authenticated attacker with minimal permissions, such as a subscriber, to create or …
Read More
Episode 72: WordPress 5.4 Released, Zoom Conferencing Safety & Security
April 6, 2020
This week, we look at the WordPress 5.4 release which includes turning distraction free editing on by default. We also look at new plugin vulnerabilities discovered by the Wordfence Threat Intelligence team, including those found in Rank Math and a Contact From 7 helper plugin. We review the new features recently added to Fast or …
Read More
Safety and Security While Video Conferencing with Zoom
April 2, 2020
With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google hangouts and other technologies to stay connected. Zoom has come under fire in recent days due to security issues with …
Read More
Critical Vulnerabilities Affecting Over 200,000 Sites Patched in Rank Math SEO Plugin
March 31, 2020
On March 23, 2020, our Threat Intelligence team discovered 2 vulnerabilities in WordPress SEO Plugin – Rank Math, a WordPress plugin with over 200,000 installations. The most critical vulnerability allowed an unauthenticated attacker to update arbitrary metadata, which included the ability to grant or revoke administrative privileges for any registered user on the site. The …
Read More
Episode 71: Hackers Targeting COVID-19 Fears
March 25, 2020
With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin …
Read More
Vulnerabilities Patched in the Data Tables Generator by Supsystic Plugin
March 24, 2020
A few weeks ago, we disclosed several flaws that were patched in the Pricing Table by Supsystic plugin. On January 20th, our Threat Intelligence team discovered several similar vulnerabilities present in another product from Supsystic: Data Tables Generator by Supsystic, a WordPress plugin installed on over 30,000 sites. These flaws were very similar and allowed …
Read More
Episode 70: Customer Education and Agency Resiliency with Jon Bius
March 14, 2020
We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. Jon has been helping customers build websites for over two decades, and he talks about how WordPress helps him empower his customers. In the news, …
Read More
Vulnerability Patched in Import Export WordPress Users
March 11, 2020
On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who responded …
Read More
Episode 69: The Meteoric Growth of Elementor with Kfir Bitton
March 6, 2020
On February 26, WordPress page building platform Elementor announced that they had received $15 million in venture funding. After topping 4 million installations of their plugin in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton from his office …
Read More
Breaking WordPress Security Research in your inbox as it happens.
