Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin

This entry was posted in Vulnerabilities, WordPress Security on January 16, 2020 by Chloe Chamberland   1 Reply

On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, …

Critical Authentication Bypass Vulnerability in InfiniteWP Client Plugin

This entry was posted in Vulnerabilities, WordPress Security on January 14, 2020 by Matt Barry   8 Replies

Description: Authentication Bypass
Affected Plugin: InfiniteWP Client
Affected Versions: < 1.9.4.5
CVSS Score: 9.8 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched Version: 1.9.4.5

A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a site owner to manage unlimited WordPress …

Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin

This entry was posted in Vulnerabilities, WordPress Security on January 08, 2020 by Chloe Chamberland   5 Replies

A few weeks ago, our threat intelligence team discovered several vulnerabilities in Minimal Coming Soon & Maintenance Mode – Coming Soon Page, a WordPress plugin installed on over 80,000 websites. The most severe weakness allowed an attacker to exploit Cross-Site Request Forgery (CSRF) and enable maintenance mode while injecting cross-site scripting (XSS), …

Episode 62: 2019 Think Like a Hacker Highlights

This entry was posted in Podcasts on December 20, 2019 by Kathy Zant   0 Replies

We’ve had quite a year with Think Like a Hacker, the podcast about WordPress, security and innovation. For this end of year episode, we take a look back at a few of our favorite interviews and news stories. We review conversations with Josepha Haden, Brandy Lawson, Jennifer Bourn, Matt Cromwell, and we look back at …

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager

This entry was posted in Vulnerabilities, WordPress Security on December 19, 2019 by Chloe Chamberland   3 Replies

Description: Authenticated Arbitrary Redirect Injection and Modification
Affected Plugin: 301 Redirects – Easy Redirect Manager
CVSS Score: 9.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE ID: CVE-2019-19915
Affected Versions: <= 2.40
Patched Version: 2.45

On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in 301 Redirects – Easy Redirect Manager, a WordPress plugin installed on …

Episode 61: Improving Website Performance and User Experiences with Dave Ryan

This entry was posted in Podcasts on December 18, 2019 by Kathy Zant   0 Replies

With Google Chrome experimenting with a badge of shame for websites that load slowly in Chrome, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome and other static site interfaces are hot in the development community right now, especially when talking about headless WordPress. At WordCamp US, Mark chats with …

WP-VCD Evolves To Remain Most Prevalent WordPress Infection

This entry was posted in Research, WordPress Security on December 17, 2019 by Mikey Veenstra   2 Replies

Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory. In this paper we examined the campaign from a number of angles, such as the behavior of the malware itself, its method of distribution, and its evolution over time. The presence of threats …

Podcast Episode 60: Top WordPress Influencer Lists & Chrome Password Security Improvements

This entry was posted in Podcasts on December 12, 2019 by Kathy Zant   0 Replies

A small furor erupted over a top influencers in WordPress list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list that reflects the true nature of WordPress influence or contribution, and the diversity we saw during our work on Open, our film project …

Podcast Episode 59: Mailpoet’s Kim Gjerstad on Beating Spammers and Improving Net Promoter Scores

This entry was posted in Podcasts on December 10, 2019 by Kathy Zant   0 Replies

Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email …

Episode 58: Leadership and the Business of WordPress Plugins: Lessons from the Yoast Black Friday Ad

This entry was posted in Podcasts on December 06, 2019 by Kathy Zant   0 Replies

Yoast, the SEO plugin installed on 9 million WordPress sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The internet furor was dramatic, and Yoast’s CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad and the response from both users and competitors and the …
