Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Podcast Episode 51: WeWork’s Financial Woes Spark Meetup RSVP Fees and the WordPress 5.2.4 Security Release

This entry was posted in Podcasts on October 16, 2019 by Kathy Zant   0 Replies

This week, we cover WeWork’s failed IPO and financial woes and how this likely led to Meetup’s introduction of an RSVP fee. We discuss why this decision doesn’t bode well for WeWork’s future. We also look at the WordPress 5.2.4 security release and what fixes are included. We discuss the planned release of PHP 7.4 …

Medium Severity Vulnerability Patched in Fast Velocity Minify Plugin

This entry was posted in Vulnerabilities, WordPress Security on October 16, 2019 by Chloe Chamberland   2 Replies

Description: Full Path Disclosure
CVSS v3.0 Score: 4.3 (Medium)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Plugin: Fast Velocity Minify
Plugin Slug: fast-velocity-minify
Affected Versions: <= 2.7.6
Patched Version: 2.7.7

A few days ago, our Threat Intelligence team identified a vulnerability present in Fast Velocity Minify, a WordPress plugin with approximately 80,000+ active installs. This flaw allowed …

Podcast Episode 50: Empowering WordPress Users Through Education with Jennifer Bourn

This entry was posted in Podcasts on October 10, 2019 by Kathy Zant   0 Replies

Jennifer Bourn has been a leader in the WordPress community for years, helping WordPress users of all experience levels get the most out of the platform. She has also created beautiful websites for recognizable brands through her design company, Bourn Creative. At WordCamp Sacramento, we talked about how the WordPress community has opened new experiences …

Podcast Episode 49: Building Business Through Community with Lindsey Miller

This entry was posted in Podcasts on October 03, 2019 by Kathy Zant   0 Replies

At WordCamp Minneapolis, our Lead Customer Service Engineer Tim Cantrell chats with Lindsey Miller about her work as Partner Marketing Manager at LiquidWeb. Tim and Lindsey also talk about the challenges of being a remote worker, and how the connections in the WordPress community can help individuals make connections that grow a business. Lindsey also …

Podcast Episode 48: Salesforce Ventures Invests $300 Million in Automattic

This entry was posted in Podcasts on October 01, 2019 by Kathy Zant   0 Replies

Salesforce Ventures invested $300 million into Automattic at a $3 billion valuation. We discuss what this might mean for Automattic, the WordPress community, and the WordPress ecosystem by analyzing the roots of Salesforce and the opportunities it brings to WordPress. We also talk about features and fixes coming in November to WordPress 5.3 especially within …

Podcast Episode 47: Staying Secure through Community Cooperation with GiveWP’s Matt Cromwell

This entry was posted in Podcasts on September 26, 2019 by Kathy Zant   0 Replies

At WordCamp Sacramento, Matt Cromwell from GiveWP talked with us about how Give began, their mission of democratizing generosity, and how they handled the vulnerability disclosure from the Wordfence team. When our security researchers reached out to provide a proof of concept, the Give and Wordfence teams worked together to ensure that the vulnerability was …

Authentication Bypass Vulnerability in GiveWP Plugin

This entry was posted in Vulnerabilities, WordPress Security on September 26, 2019 by Chloe Chamberland   0 Replies

Description: Authentication Bypass with Information Disclosure
CVSS v3.0 Score: 7.5 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Plugin: GiveWP
Plugin Slug: give
Affected Versions: <= 2.5.4
Patched Version: 2.5.5

A few weeks ago, our Threat Intelligence team discovered a vulnerability present in GiveWP, a WordPress plugin installed on over 70,000 websites. The weakness allowed unauthenticated users to bypass …

Podcast Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild

This entry was posted in Podcasts on September 25, 2019 by Kathy Zant   1 Reply

We chat with Mikey Veenstra about the Wordfence Threat Intelligence team’s work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey …

Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild

This entry was posted in Vulnerabilities, WordPress Security on September 24, 2019 by Mikey Veenstra   18 Replies

Description: XSS Via Unauthenticated Plugin Options Update
Affected Plugin: Rich Reviews
Affected Versions: <= 1.7.4
CVSS Score: 8.3 (High)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin …

Podcast Episode 45: Securing and Scaling eCommerce with Zach Stepek

This entry was posted in Podcasts on September 20, 2019 by Kathy Zant   0 Replies

This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners …
