
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)

Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those

WordPress Vulnerability Report – August 16, 2023

Since last week, 90 total vulnerabilities emerged in public disclosure. They may affect over one million WordPress sites. There are 49 plugin vulnerabilities and five theme vulnerabilities with security patches, so run those updates! Additionally, there are 35 plugin vulnerabilities

From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail

The vast majority of website malware employs the ever-familiar HTTP/HTTPS protocols for its malicious activities. But we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of

weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin

On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes

Demystifying the WordPress Vulnerability Landscape: 2023 Mid-Year Wordfence Intelligence WordPress Vulnerability Review Leveraging ChatGPT

In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)

Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those

WordPress Vulnerability Report – August 2, 2023

Since last week, 94 total vulnerabilities emerged in public disclosure. They may affect over 7 million WordPress sites. There are 56 plugin vulnerabilities with security patches, so run those updates! Additionally, there are 35 plugin vulnerabilities and three theme vulnerabilities

WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin

On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites. This

WordPress Vulnerability & Patch Roundup July 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve

WordPress Vulnerability Report – July 27, 2023

Since last week, 329 total vulnerabilities emerged in public disclosure. They may affect over 7 million WordPress sites. There are 209 plugin vulnerabilities and 18 theme vulnerabilities with security patches, so run those updates! Additionally, there are 66 plugin vulnerabilities

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)

Note: We accidentally sent out an email for this report with last week’s subject line. Due to the subject line not being very different week to week for this report, we opted to just leave it as is and not

“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins

“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions can be dangerous. This became evident when the Wordfence

Massive Targeted Exploit Campaign Against WooCommerce Payments Underway

The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)

Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those

Malicious Injection Redirects Traffic via Parked Domain

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to