Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Vulnerability Patched in Sassy Social Share Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on October 20, 2021 by Chloe Chamberland   7 Replies

Update: This article has been updated for accuracy: while we initially did create a rule to block this vulnerability we later found that the vulnerability was already blocked by an existing rule.  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. In …

It’s Not You. It’s Them. On Hacking and Responsible Disclosure.

This entry was posted in General Security, PSA on October 15, 2021 by Mark Maunder   17 Replies

A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I’m a cybersecurity professional, I run a …

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

This entry was posted in Research, Vulnerabilities, WordPress Security on October 13, 2021 by Ram Gall   0 Replies

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team initiated the Responsible Disclosure process for Brizy – Page Builder, a WordPress plugin installed on over 90,000 sites. During a routine review of our …

Wordfence Helps Enable Education in Uganda

This entry was posted in Wordfence on October 12, 2021 by Mark Maunder   1 Reply

I want to share something very exciting and truly wonderful with you all today. Wordfence just completed a project where we partnered with Far Away Friends, a Denver-based non-profit working in partnership with local leaders in Uganda, to bring light and electricity to a school campus in a remote area of Uganda called Namasale.  I’d …

High Severity Vulnerability Patched in Access Demo Importer Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on October 06, 2021 by Chloe Chamberland   0 Replies

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 9, 2021, the Wordfence Threat Intelligence team attempted to initiate the responsible disclosure process for a vulnerability that we discovered in Access Demo Importer, a WordPress plugin installed on over 20,000 …

PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons

This entry was posted in Research, Vulnerabilities, WordPress Security on September 29, 2021 by Ram Gall   0 Replies

Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHP_SELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar vulnerability related to the use of PHP_SELF. On August 16, 2021, the Wordfence Threat …

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on September 28, 2021 by Ram Gall   4 Replies

Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHP_SELF variable. Tomorrow we will publish part two, which describes another plugin suffering from a similar vulnerability related to the use of PHP_SELF. So be sure to look out for that post via our …

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

This entry was posted in Research, Vulnerabilities, WordPress Security on September 22, 2021 by Chloe Chamberland   0 Replies

On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an attacker to export sensitive information and send arbitrary emails from a vulnerable site that could be used …

Terms of Use Violation

This entry was posted in Wordfence on September 04, 2021 by Mark Maunder   0 Replies

Wordfence is used by millions of free and paid customers around the world to secure their WordPress websites. We serve a broad range of customers across the globe, from diverse cultures, with diverse backgrounds, and who have diverse political views. As an organization, Defiant, the company that makes Wordfence, believes that everyone has the right …

Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities

This entry was posted in Research, Vulnerabilities, WordPress Security on September 01, 2021 by Ram Gall   3 Replies

On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any …
