Latest Release of Contact Form 7 Didn’t Actually Fix Authenticated (Editor+) Arbitrary File Upload Vulnerability

Recently, the WordPress security provider Wordfence was criticizing another provider, Patchstack, for incentivizing low quality claims of vulnerabilities in WordPress plugins: “There are an extremely high number of low risk and low quality vulnerabilities being submitted to databases like Patchstack,” …

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an …

Developer of Solid Security Thinks That Their Plugin Shouldn’t Be Easier To Secure Than Chrome Web Browser

This week we have covered plenty of questionable behavior by the developer of the 900,000+ install WordPress security plugin Solid Security. From focusing their plugin on a non-existent threat to responding to the plugin failing to prevent an infection by …

Earn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in the Wordfence Holiday Bug Extravaganza!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some …

Skimming Credit Cards with WebSockets

If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the …

Siteground’s Security Plugin’s Advanced XSS Protection Isn’t Protection, Advanced or Otherwise

SiteGround recently rebranded their SiteGround Security plugin for WordPress to Security Optimizer. That plugin has 1+ million installs according to WordPress.org stats. Like a lot of security plugins, the developer makes strong claims about what it offers. They start their …

Developer Responds to Solid Security Pro Not Preventing Infection by Claiming It is Focused on Malware Prevention

A recent negative review of the WordPress security plugin Solid Security claimed that the reviewer was using the Pro version and “my website was infected while this plugin was installed, so it was not really helpful to prevent the infection.”

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress …

Solid Security Firewall Review: It Doesn’t Contain One and Doesn’t Prevent Exploitation of Plugin Vulnerabilities

Recently, the iThemes Security plugin was rebranded as Solid Security. Alongside that came new misleading marketing about what protection it offers. Among those is the claim that “Solid Security shields your site from cyberattacks and prevents security vulnerabilities.” They also …

HTTPS Protocol: What is the Default Port for SSL & Common TCP Ports

SSL port numbers serve as communication endpoints for transmitting or receiving data. One of the primary functions of these ports is to establish a secure connection between a web page and a website hosting server or the CDN/WAF that might …

900,000+ Install WordPress Security Plugin Solid Security Focused on Non-Existent Threat

Recently the less popular than it used to be, but still used on at least 900,000 websites, WordPress security plugin iThemes Security was rebranded as Solid Security. Alongside that came new marketing for the plugin. The previous marketing was not …

Patchstack vs Wordfence WordPress Plugin Vulnerability Data: It’s Largely The Same Inaccurate Data

When it comes to protecting WordPress websites from vulnerabilities in WordPress plugins, one piece of the solution involves being warned if you are using plugins with known vulnerabilities. Doing that well requires doing a lot of work. That is something …

Patchstack’s Plugin Vulnerability Data Continues to Not Be Impeccable Either

There are many sources for data on WordPress plugin vulnerabilities. Or there appears to be. In reality, most sources are simply copying their data from the others. The results of that are often quite poor, which the providers simply deny.

WordPress Vulnerability & Patch Roundup November 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve …

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress …

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care, …

What Impact Does Two-Factor Authentication (2FA) Have On Hackings Through WordPress Plugin Vulnerabilities?

On the WordPress Support Forum, someone asked not that long ago if two-factor authentication (2FA) would prevent websites being hacked through security flaws in WordPress plugins? It’s a good question and another security provider didn’t really answer the question. For …