Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Vulnerabilities Patched in IMPress for IDX Broker

This entry was posted in Vulnerabilities, WordPress Security on March 26, 2020 by Ram Gall   2 Replies

On February 28, 2020, the Wordfence Threat Intelligence team became aware of a newly patched stored Cross-Site Scripting (XSS) vulnerability in IMPress for IDX Broker, a WordPress plugin with over 10,000 installations. Although all Wordfence users, including those still using the free version of Wordfence, were already protected from this vulnerability by the Web Application …

Episode 71: Hackers Targeting COVID-19 Fears

This entry was posted in Podcasts on March 25, 2020 by Kathy Zant   2 Replies

With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin …

Vulnerabilities Patched in the Data Tables Generator by Supsystic Plugin

This entry was posted in Vulnerabilities, WordPress Security on March 24, 2020 by Chloe Chamberland   0 Replies

A few weeks ago, we disclosed several flaws that were patched in the Pricing Table by Supsystic plugin. On January 20th, our Threat Intelligence team discovered several similar vulnerabilities present in another product from Supsystic: Data Tables Generator by Supsystic, a WordPress plugin installed on over 30,000 sites. These flaws were very similar and allowed …

Severe Flaws Patched in Responsive Ready Sites Importer Plugin

This entry was posted in Vulnerabilities, WordPress Security on March 18, 2020 by Chloe Chamberland   0 Replies

On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, …

Episode 70: Customer Education and Agency Resiliency with Jon Bius

This entry was posted in Podcasts on March 14, 2020 by Kathy Zant   0 Replies

We chat with Jon Bius, a web developer at Biz Tools One, an agency in Fayetteville, NC, about how they use customer education to build relationships and differentiate their business. Jon has been helping customers build websites for over two decades, and he talks about how WordPress helps him empower his customers. In the news, …

Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites

This entry was posted in Vulnerabilities, WordPress Security on March 12, 2020 by Ram Gall   5 Replies

On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal …

Vulnerability Patched in Import Export WordPress Users

This entry was posted in Vulnerabilities, Wordfence on March 11, 2020 by Chloe Chamberland   0 Replies

On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who responded …

Zero-Day Vulnerability in ThemeREX Addons Now Patched

This entry was posted in Vulnerabilities, WordPress Security on March 09, 2020 by Chloe Chamberland   0 Replies

On February 18th, we were alerted to a vulnerability present in ThemeREX Addons, a WordPress plugin installed on approximately 44,000 sites. We took immediate action to release a firewall rule to protect Wordfence Premium users. As this vulnerability was being actively attacked, we also publicly notified the community of the vulnerability to help protect users …

Active Attack on Zero Day in Custom Searchable Data Entry System Plugin

This entry was posted in Vulnerabilities, WordPress Security on March 06, 2020 by Ram Gall   2 Replies

The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Custom Searchable Data Entry System plugin for WordPress. The estimated 2,000+ sites running the plugin are vulnerable to Unauthenticated Data Modification and Deletion, including the potential to delete the entire contents of any table in a vulnerable site’s …

Episode 69: The Meteoric Growth of Elementor with Kfir Bitton

This entry was posted in Podcasts on March 06, 2020 by Kathy Zant   0 Replies

On February 26, WordPress page building platform Elementor announced that they had received $15 million in venture funding. After topping 4 million installations of their plugin in January, it appears that Elementor is on a path to do some big things with WordPress. This week, we chat with Elementor CRO Kfir Bitton from his office …
