Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – June 1, 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. We’ve compiled a list of some important security updates and vulnerability patches Continue reading Vulnerability & Patch Round-up — May 2022
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – May 25, 2022
Have you ever thought about why website security matters to your business? If you lock your office door when you leave at the end of the day, or you keep your money in a safe, you have a basic idea Continue reading Why Website Security Matters to Your Business
The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection. During a recent investigation for an Continue reading Analyzing a WooCommerce Credit Card Skimmer
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – May 18, 2022
On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical privilege Continue reading Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
As a WordPress website owner, you already know that security plays a big role in keeping your operations safe from hacks and malicious attacks. But how do websites get hacked exactly? What is the process by which hackers attempt, and Continue reading How Do Websites Get Hacked?
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue Continue reading Millions of Attacks Target Tatsu Builder Plugin
Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our Continue reading Massive WordPress JavaScript Injection Campaign Redirects to Ads
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – May 11, 2022
Since CAPTCHA was first introduced, it has undergone various iterations and evolutions. With each step, the aim always has been to make it easier for humans and more challenging for non-humans to pass the test. Over time, this led to Continue reading The different types of CAPTCHA checks for WordPress websites
If you’re serious about your website’s security, then it’s time to learn about the dangers of SQL injections and how you can combat them. In this guide, we’ll explain in detail what an SQL injection attack looks like, and the Continue reading SQL Injection: A Guide for WordPress Users
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – May 4, 2022
Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images
If you’re concerned about cross-site scripting and how it impacts your WordPress website, you’re definitely not being paranoid. While the vulnerability of cross-site scripting (also known as XSS), is not exclusive to WordPress site owners, its potential negative impacts on Continue reading Cross-Site Scripting: A Guide for WordPress Users
Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed Continue reading Hacked Website Threat Report 2021
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations. We received a response the same day and sent Continue reading PHP Object Injection Vulnerability in Booking Calendar Plugin
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – April 27, 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve Continue reading Vulnerability Roundup – April 2022