Wordfence 2015 Update and Three Plugin Vulnerabilities You Should Know About

2015 is going to be an exciting year for WordPress publishers. WordPress growth continues to accelerate and the focus this year is on security. WordPress's large install base makes it a very attractive target for hackers looking to find and exploit zero-day vulnerabilities.

At Wordfence we are working hard to continue providing protection, early detection and excellent site performance when you install Wordfence on your WordPress website. To that end we now have two US-based customer service representatives, Tim and Brian, dedicated to our open source forums. They are providing a high level of support to our free customers while continuing to give our paid customers priority in our Premium ticketing system. We also have a new Wordfence core developer, Matt, based in Maine, who has already started to check in his first few improvements. Wordfence has some exciting product announcements due later this quarter, so watch this space.

Now on to business. Unfortunately, cybersecurity did not take a break over the holiday season, so here is a quick roundup of the most important current vulnerabilities that we’re tracking and that you should be aware of:

  • The popular Pods content development framework for WordPress has an XSS and CSRF vulnerability. This was fixed in version 2.5, which was released on 30 December. Please upgrade immediately. (The plugin is popular, with over 200,000 downloads.)
  • The cformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload. If you’re using this plugin, please upgrade immediately to version 14.8, which contains a fix. (The plugin has approximately 20,000 downloads.)
  • The Banner Effect Header plugin has an XSS and CSRF vulnerability. This has been fixed in version 1.2.7, so upgrade if you’re using this plugin. (The plugin has approximately 20,000 downloads.)

Please upgrade immediately if you are using any of these plugins.
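To check a site against the three fixed versions listed above, the following added example (not Wordfence code) reads the standard `Plugin Name` and `Version` headers from each plugin's PHP files and flags anything older than the fix. Matching on the plugin names as written in this post is an assumption; the real header text of each plugin may differ, so adjust the `FIXED` keys to what your install reports.

```python
import re
from pathlib import Path

# Fixed versions exactly as stated in the post; anything older is flagged.
# Keys are the names used in the post (assumed to appear in "Plugin Name").
FIXED = {
    "Pods": "2.5",
    "cformsII": "14.8",
    "Banner Effect Header": "1.2.7",
}
# Header lines may be prefixed by comment characters, as in " * Version: 1.0".
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.I | re.M)

def parse_header(text):
    """Return {'plugin name': ..., 'version': ...} from a plugin file header."""
    found = {}
    for key, value in HEADER_RE.findall(text):
        found.setdefault(key.lower(), value.strip())
    return found

def version_key(version, width=4):
    """'2.4.3' -> (2, 4, 3, 0), so that '2.5' and '2.5.0' compare equal."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def check(header_text):
    """Return (advisory name, installed, fixed) if older than the fix, else None."""
    meta = parse_header(header_text)
    name, installed = meta.get("plugin name"), meta.get("version")
    if not name or not installed:
        return None
    for advisory, fixed in FIXED.items():
        # Assumption: the advisory name appears as a whole word in the header.
        if re.search(rf"\b{re.escape(advisory)}\b", name, re.I):
            if version_key(installed) < version_key(fixed):
                return (advisory, installed, fixed)
    return None

def scan(plugins_dir):
    """Check the top-level PHP files of every plugin under wp-content/plugins."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        # WordPress itself only reads the first 8 KB of a file for headers.
        hit = check(php.read_text(errors="replace")[:8192])
        if hit:
            hits.append((php.parent.name, *hit))
    return hits
```

Call `scan("/path/to/wp-content/plugins")` on a copy of the site or on the server itself; an empty list means none of the three plugins is installed at a version older than its fix.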

Wishing you a prosperous 2015!

~The Wordfence Team

18 Comments
  • Thanks a lot for all the information. It is really helpful !!!!

  • Thank You! So happy to have found you last year. More and more of my web design and maintenance clients are expressing concern about their websites and I can tell them that we are using the best WP security plugin available.
    Happy New Year!
    Jeff @ NicholsWebManagement.com

  • Just promise to keep the code clean and light.

    Please Please Please do not go down the road of code/feature bloat like that "other" plugin!!!

    Thanks :-)

  • Thanks guys for keeping all of us in the loop! Awesome ... have a great 2015

  • Mark, you and your team are nothing less than fantastic! Thanks for keeping us all in the loop with your terrific information. We all count on you more than you might know:-) mark

  • Thank you so much! It's a comfort to know you're so on top of it!

  • I only recently discovered your plugin - unfortunately after I was already hacked and had malware installed on my sites - which I'm still trying to sort. But I'm glad that your plugin is already thwarting additional attacks daily and I will certainly be recommending you to others! Thanks for having a free version for us micro businesses/personal bloggers.

  • Just installed Wordfence so I appreciate these updates, keep up the good work.
    Simon

  • You guys rock! Wish I could afford the paid version, but what you give back to the WP community, even in the free version, is amazing. Other developers should take note and follow your lead. Thanks again for all your hard work and great product, and hope everyone there has an awesome 2015!
    -- B

  • It's true, even the free version is awesome. Lately hackers have been constantly trying to get into my site, as I see whenever I checked my blocked IPs. But I don't even have to think or worry about it, because Wordfence takes care of it. :)

  • A BIG THANKS to you and your team!

    Your free version is such a fabulous gift to the WordPress community.

    You deserve Mega success!

  • Really appreciate the effort you have extended and look forward to upgrading soon

  • Just discovered the Banner Effect Header Plugin causing a redirect on a friend's site.

    Thanks for the update!

  • Wordfence rocks! Great job!

  • Thank you for keeping us up to date.... I keep recommending your plugin because of the great work you do.

  • Thank you for letting all of us know, glad we are not using any of those. Keep up the good work!

  • In early December, my recently launched WordPress-based theater review website was the target of DDoS attacks and various other malfeasances. Wordfence was recommended by my host provider and since the day I installed it I've not had any site outages due to the bad guys...plus I installed the falcon engine which rocks! I was able to dial my server and CPU resources down to a minimum while still speeding up my site load times. I went with the paid version right away. Excellent job!

    • Wow, thanks for the great feedback! Glad we could help, Jack.

      Regards,

      Mark Maunder - Wordfence Founder.