Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Podcast Episode 57: SEO Content Strategy and Lock Picking with Maddy Osman at WordCamp US

This entry was posted in Podcasts on November 22, 2019 by Kathy Zant   0 Replies

Maddy Osman is an SEO content strategist who has worked with a number of familiar brands in both the WordPress and SaaS spaces. She spoke at WordCamp US and took some time to chat with us at the Wordfence sponsor booth. Maddy talks about how she got started in SEO content strategy after doing web …

Episode 56: WordCamp US, WordPress 5.3 and Chrome Blocking Mixed Content

This entry was posted in Podcasts on November 20, 2019 by Kathy Zant   0 Replies

In Episode 56, we review the premiere of Open, The Community Code, a film about the WordPress community that had its world premiere at Matt Mullenweg’s State of the Word Keynote at WordCamp US. Mark and Kathy talk about what it was like watching friends in the community see the film for the first time. We also …

High Severity Vulnerability Patched in WP Maintenance Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 19, 2019 by Chloe Chamberland   2 Replies

Description: Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS v3.0 Score: 8.8 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
Affected Plugin: WP Maintenance
Plugin Slug: wp-maintenance
Affected Versions: <= 5.0.5
Patched Version: 5.0.6

On November 15th, 2019, our Threat Intelligence team identified a vulnerability present in WP Maintenance, a WordPress plugin with approximately 30,000+ active installs. This flaw allowed …

Podcast Episode 55: Yoast’s Marieke van de Rakt & Michiel Heijmans at WordCamp US

This entry was posted in Podcasts on November 14, 2019 by Kathy Zant   0 Replies

At WordCamp US in Saint Louis, Mark sat down with Yoast CEO Marieke van de Rakt and COO Michiel Heijmans in the Wordfence booth to talk about not only how Yoast began, but also how they’ve grown to over 9 million active installations and the challenges of managing such a large user base. Marieke and …

Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 13, 2019 by Chloe Chamberland   0 Replies

A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim patches just a few days after our initial disclosure. The plugin team also worked with …

Podcast Episode 54: The Hacker Mindset at WordCamp US

This entry was posted in Podcasts on November 08, 2019 by Kathy Zant   0 Replies

Kathy Zant gave a presentation about The Hacker Mindset at WordCamp US 2019 in St. Louis. Learning to think like a hacker in the security realm is a big part of keeping your assets safe, and there are additional benefits. Kathy illustrates how the hacker mindset is much more than protecting your site. Thinking like …

WP-VCD: The Malware You Installed On Your Own Site

This entry was posted in Research, WordPress Security on November 04, 2019 by Mikey Veenstra   9 Replies

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the …

Podcast Episode 53: WordCamp US 2019 Preview from St. Louis

This entry was posted in Podcasts on October 31, 2019 by Kathy Zant   0 Replies

Mark and Kathy connect in person on Halloween in St. Louis to talk about what’s happening at WordCamp US. We review what’s new at WCUS, some of the more interesting sessions, and all of the fun activities Wordfence is bringing to North America’s largest WordCamp. Kathy and Mark also tear down the 4th wall to …

Stored XSS Patched in SyntaxHighlighter Evolved Plugin

This entry was posted in Vulnerabilities, WordPress Security on October 22, 2019 by Matt Barry   6 Replies

Description: Stored XSS
CVSS Severity Score: 6.1 (Medium)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Software: SyntaxHighlighter Evolved
Plugin Slug: syntaxhighlighter
Affected Version: 3.5.0
Patched Version: 3.5.1

While doing a security audit of the plugins and themes we run on wordfence.com, I discovered a stored XSS vulnerability in SyntaxHighlighter Evolved. SyntaxHighlighter Evolved currently has around 40,000+ active installations. …

Open Redirect Vulnerability Patched In Bridge Theme

This entry was posted in Vulnerabilities, WordPress Security on October 21, 2019 by Mikey Veenstra   2 Replies

Description: Open Redirect
CVSS v3.0 Score: 7.1 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter Feed
Plugin Slugs: qode-instagram-widget, qode-twitter-feed
Affected Versions: Bridge Theme: 18.2 / Plugins: 2.0 (Twitter plugin) 2.0.1 (Instagram plugin)
Patched Version: Bridge Theme: 18.2.1 / Plugins: 2.0.1 (Twitter …
