This entry was posted in Podcasts on February 19, 2021 by Kathy Zant 0 Replies
An analysis of WordPress-related search trends found that interest in WooCommerce related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated themes and plugins are prohibited on the repository. And a supply chain attack affects users …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on February 16, 2021 by Chloe Chamberland 0 Replies
On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites. One of these flaws made it possible for attackers to redirect site administrators to arbitrary locations. The second flaw made it possible for attackers with subscriber level access or above to …
Read More
This entry was posted in Podcasts on February 12, 2021 by Ram Gall 0 Replies
This week, the Wordfence team discusses cryptography in depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including 2 new findings by the Wordfence Threat Intelligence team, a new milestone for WordPress, and a recent attack on a Florida Town’s water supply. Here are timestamps and …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on February 10, 2021 by Chloe Chamberland 4 Replies
On December 17, 2020, our Threat Intelligence team responsibly disclosed three vulnerabilities in Responsive Menu, a WordPress plugin installed on over 100,000 sites. The first flaw made it possible for authenticated attackers with low-level permissions to upload arbitrary files and ultimately achieve remote code execution. The remaining two flaws made it possible for attackers to …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on February 08, 2021 by Ram Gall 4 Replies
On December 14, 2020, the Wordfence Threat Intelligence team finished researching two Cross-Site Request Forgery (CSRF) vulnerabilities in NextGen Gallery, a WordPress plugin with over 800,000 installations, including a critical severity vulnerability that could lead to Remote Code Execution(RCE) and Stored Cross-Site Scripting(XSS). Exploitation of these vulnerabilities could lead to a site takeover, malicious redirects, …
Read More
This entry was posted in Podcasts on February 05, 2021 by Kathy Zant 0 Replies
Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected by Wordfence. A bug in Sudo can let attackers with access to a local system …
Read More
This entry was posted in Research, WordPress Security on February 04, 2021 by Chloe Chamberland 9 Replies
On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites. Please note that this is a separate plugin from “Contact Form 7” and is designed as an add-on to that …
Read More
This entry was posted in Research, Wordfence, WordPress Security on February 02, 2021 by Gregory Bloom 1 Reply
Wordfence is the leader in WordPress security, protecting over 4 million WordPress sites from malicious attacks. With new malware variants discovered daily, we now have a new weapon in our arsenal against WordPress attacks: Machine Learning. How Wordfence identifies malware For years, the Wordfence Threat Intelligence team has stayed ahead of attackers by quickly identifying …
Read More
This entry was posted in Podcasts on January 29, 2021 by Kathy Zant 0 Replies
After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in simulation, cryptocurrencies and the opportunities of blockchain technology, open source communities and publishing, avoiding scams and …
Read More
This entry was posted in General Security, Research, Wordfence, WordPress Security on January 27, 2021 by Ram Gall 4 Replies
Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples gathered by our Site Cleaning team. Attacks on WordPress can be categorized in three …
Read More
