Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

High Severity Vulnerability Patched in WP Maintenance Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 19, 2019 by Chloe Chamberland   2 Replies

Description: Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS v3.0 Score: 8.8 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
Affected Plugin: WP Maintenance
Plugin Slug: wp-maintenance
Affected Versions: <= 5.0.5
Patched Version: 5.0.6

On November 15th, 2019, our Threat Intelligence team identified a vulnerability present in WP Maintenance, a WordPress plugin with approximately 30,000+ active installs. This flaw allowed …

Podcast Episode 55: Yoast’s Marieke van de Rakt & Michiel Heijmans at WordCamp US

This entry was posted in Podcasts on November 14, 2019 by Kathy Zant   0 Replies

At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they’ve grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and …

Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 13, 2019 by Chloe Chamberland   0 Replies

A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim patches just a few days after our initial disclosure. The plugin team also worked with …

Podcast Episode 54: The Hacker Mindset at WordCamp US

This entry was posted in Podcasts on November 08, 2019 by Kathy Zant   0 Replies

Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like …

WP-VCD: The Malware You Installed On Your Own Site

This entry was posted in Research, WordPress Security on November 04, 2019 by Mikey Veenstra   9 Replies

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the …

Podcast Episode 53: WordCamp US 2019 Preview from St. Louis

This entry was posted in Podcasts on October 31, 2019 by Kathy Zant   0 Replies

Mark and Kathy connect in person on Halloween in St. Louis to talk about what’s happening at WordCamp US. We review what’s new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America’s largest WordCamp. Kathy and Mark also tear down the 4th wall to …

Stored XSS Patched in SyntaxHighlighter Evolved Plugin

This entry was posted in Vulnerabilities, WordPress Security on October 22, 2019 by Matt Barry   6 Replies

Description: Stored XSS
CVSS Severity Score: 6.1 (Medium)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Software: SyntaxHighlighter Evolved
Plugin Slug: syntaxhighlighter
Affected Version: 3.5.0
Patched Version: 3.5.1

While doing a security audit of the plugins and themes we run on wordfence.com, I discovered a stored XSS vulnerability in SyntaxHighlighter Evolved. SyntaxHighlighter Evolved currently has around 40,000+ active installations. …

Open Redirect Vulnerability Patched In Bridge Theme

This entry was posted in Vulnerabilities, WordPress Security on October 21, 2019 by Mikey Veenstra   2 Replies

Description: Open Redirect
CVSS v3.0 Score: 7.1 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter Feed
Plugin Slugs: qode-instagram-widget, qode-twitter-feed
Affected Versions: Bridge Theme: 18.2 / Plugins: 2.0 (Twitter plugin) 2.0.1 (Instagram plugin)
Patched Version: Bridge Theme: 18.2.1 / Plugins: 2.0.1 (Twitter …

Podcast Episode 52: Innovating for Customer Success with Andrea Zoellner

This entry was posted in Podcasts on October 18, 2019 by Kathy Zant   0 Replies

Andrea Zoellner has been an active organizer of WordCamp Montreal and is the Chief Content Creator at hosting provider, SiteGround. Andrea focuses on supporting SiteGround customers in the North American and English-speaking market. With a background in journalism, Andrea found WordPress as the easiest way to get online and integrate with different services. She talked …

Podcast Episode 51: WeWork’s Financial Woes Spark Meetup RSVP Fees and the WordPress 5.2.4 Security Release

This entry was posted in Podcasts on October 16, 2019 by Kathy Zant   0 Replies

This week, we cover WeWork’s failed IPO and financial woes and how this likely led to Meetup’s introduction of an RSVP fee. We discuss why this decision doesn’t bode well for WeWork’s future. We also look at the WordPress 5.2.4 security release and what fixes are included. We discuss the planned release of PHP 7.4 …
