This entry was posted in Vulnerabilities, WordPress Security on January 16, 2020 by Chloe Chamberland 1 Reply
On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, …
Read More
This entry was posted in Vulnerabilities, WordPress Security on January 14, 2020 by Matt Barry 8 Replies
Description: Authentication Bypass Affected Plugin: InfiniteWP Client Affected Versions: < 1.9.4.5 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.9.4.5 A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a site owner to manage unlimited WordPress …
Read More
This entry was posted in Vulnerabilities, WordPress Security on January 08, 2020 by Chloe Chamberland 5 Replies
A few weeks ago, our threat intelligence team discovered several vulnerabilities present in Minimal Coming Soon & Maintenance Mode – Coming Soon Page, a WordPress plugin installed on over 80,000 websites. The most severe weakness allowed for an attacker to exploit Cross Site Request Forgery (CSRF) and enable maintenance mode while injecting cross-site scripting (XSS), …
Read More
This entry was posted in Podcasts on December 20, 2019 by Kathy Zant 0 Replies
We’ve had quite a year with Think Like a Hacker, the podcast about WordPress, security and innovation. For this end of year episode, we take a look back at a few of our favorite interviews and news stories. We review conversations with Josepha Haden, Brandy Lawson, Jennifer Bourn, Matt Cromwell, and we look back at …
Read More
This entry was posted in Vulnerabilities, WordPress Security on December 19, 2019 by Chloe Chamberland 3 Replies
Description: Authenticated Arbitrary Redirect Injection and Modification Affected Plugin: 301 Redirects – Easy Redirect Manager CVSS Score: 9.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE ID: CVE-2019-19915 Affected Versions: <= 2.40 Patched Version: 2.45 On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in 301 Redirects – Easy Redirect Manager, a WordPress plugin installed on …
Read More
This entry was posted in Podcasts on December 18, 2019 by Kathy Zant 0 Replies
With Google Chrome experimenting with a badge of shame for websites that load slowly in Chrome, there is a new urgency for high performance interfaces for web users. Gatsby, Gridsome and other static site interfaces are hot in the development community right now, especially when talking about headless WordPress. At WordCamp US, Mark chats with …
Read More
This entry was posted in Research, WordPress Security on December 17, 2019 by Mikey Veenstra 2 Replies
Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory. In this paper we examined the campaign from a number of angles, such as the behavior of the malware itself, its method of distribution, and its evolution over time. The presence of threats …
Read More
This entry was posted in Podcasts on December 12, 2019 by Kathy Zant 0 Replies
A small furor erupted over a top influencers in WordPress list that neglected to show the diverse nature of the WordPress community. We talk about the impossibility of making an accurate list that reflects the true nature of WordPress influence or contribution, and the diversity we saw during our work on Open, our film project …
Read More
This entry was posted in Podcasts on December 10, 2019 by Kathy Zant 0 Replies
Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email …
Read More
This entry was posted in Podcasts on December 06, 2019 by Kathy Zant 0 Replies
Yoast, the SEO plugin installed on 9 million WordPress sites, ran a Black Friday sale, experimenting with an ad in the WordPress admin dashboard. The internet furor was dramatic, and Yoast’s CEO Marieke van de Rakt took ownership, showing exceptional leadership. We discuss the ad and the response from both users and competitors and the …
Read More
