One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. Continue reading New Guide on Secure VPS Configuration
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to Continue reading PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited
New research from Snicco, WeWatchYourWebsite, Automattic-backed GridPane, and PatchStack reveals WordPress malware scanners that operate as plugins in a compromised environment are fundamentally flawed. Malware scanners are cleanup tools at best for already-compromised sites. They’re not a solid line of Continue reading Why WordPress Malware Scanners Are Worthless
Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
This week, 140 total vulnerabilities emerged in public disclosure. They may affect over 13 million WordPress sites. There are 116 plugin vulnerabilities and one theme vulnerability that has security patches available, so run those updates! Additionally, there are 23 plugin Continue reading WordPress Vulnerability Report – June 28, 2023
On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, which is actively installed on more than 30,000 WordPress websites. The Continue reading miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve Continue reading WordPress Vulnerability & Patch Roundup June 2023
On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites Continue reading Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good malware does best! We have recently observed attackers leveraging both excessive amounts of unicode as Continue reading Remote Code Execution Backdoor Uses Unicode Obfuscation & Non-Standard File Extensions
Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)
This week, 79 total vulnerabilities emerged in public disclosure. They may affect over 3 million WordPress sites. There are 55 plugin vulnerabilities that have security patches available, so run those updates! Additionally, there are 24 plugin vulnerabilities with no patch Continue reading WordPress Vulnerability Report – June 21, 2023
WooCommerce is a widely used e-commerce platform, powering nearly 6 million online stores worldwide. Its popularity makes it a prime target for cybercriminals looking to exploit vulnerabilities and steal sensitive data and credit card information. In fact, according to data Continue reading New WooCommerce Security Best Practices Guide
As a principle weapon in the hacker’s arsenal, phishing attacks have withstood the test of time, remaining a constant threat in the ever-evolving realm of cyber attacks. For years, hackers have relied on the deceptive art of social engineering to Continue reading What is a WordPress Phishing Attack?
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible Continue reading StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. Continue reading Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin
Last week, there were 45 vulnerabilities disclosed in 30 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 17 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)
This week, 56 total vulnerabilities emerged in public disclosure. They may affect over 4 million WordPress sites. There are 37 plugin vulnerabilities and three in themes that have security patches available, so run those updates! Additionally, there are 16 plugin Continue reading WordPress Vulnerability Report – June 14, 2023
In the realm of WordPress security, there’s a powerful tag team working tirelessly behind the scenes to safeguard your website’s login process. Meet salts and security keys, the cryptographic wonders responsible for protecting the sensitive information housed within the cookies Continue reading What Are WordPress Salts & Security Keys?
A 403 error can be a frustrating interruption to anyone’s day; it can lead to exasperated website visitors, even leading to lost traffic and website revenue depending on the affected page. When you (or your site visitors) encounter an unexpected Continue reading What is a 403 Error & How to Fix It
Last week, there were 116 vulnerabilities disclosed in 88 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 35 Vulnerability Researchers that contributed to WordPress Security last week. Review those Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)