Wordfence Research and News

Blog icon
Newest

Zero-Day Vulnerability in Yellow Pencil Visual Theme Customizer Exploited in the Wild

On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how …
Read More

Reminder: Popular Browsers To Distrust Symantec SSL/TLS Certificates Starting In October

This is a final reminder that legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, Geotrust, and RapidSSL which used Symantec as a central authority, will be distrusted by both Google Chrome and Mozilla Firefox¬†beginning in October. Apple products have partially distrusted these certificates and plan to also distrust the full …
Read More