Wordfence Research and News

Blog icon

Coupon Creation Vulnerability Patched In WooCommerce Smart Coupons

Description: Unauthenticated Coupon Creation Affected Plugin: WooCommerce Smart Coupons Affected Plugin Slug: woocommerce-smart-coupons Affected Versions: <= 4.6.0 CVSS Score: 5.3 (Medium) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Patched Version: 4.6.5 Late last month a patch was released for WooCommerce Smart Coupons, a commercial WooCommerce plugin that helps store managers handle coupons and gift certificates. In vulnerable versions of the …
Read More

Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities

Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin’s settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this …
Read More

Multiple Attack Campaigns Targeting Recent Plugin Vulnerabilities

As part of our ongoing research efforts, the Wordfence Threat Intelligence team continually monitors our network for noteworthy threats facing WordPress. Recently, we’ve been tracking malicious activity targeting several vulnerabilities recently patched in popular plugins. In today’s post, we’ll provide details of our research into two active campaigns. We’ll also share some common indicators of …
Read More

Active Attack on Recently Patched Duplicator Vulnerability Affects 1 Million Sites

Active Attack on Recently Patched Duplicator Plugin Vulnerability Affects Over 1 Million Sites

Description: Unauthenticated Arbitrary File Download Affected Plugin: Duplicator Affected Versions: <= 1.3.26 CVE ID: CVE-2020-11738 CVSS Score: 7.5 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Patched Version: 1.3.28 A critical security update was recently issued for Duplicator, one of the most popular plugins in the WordPress ecosystem. Over a million WordPress sites were affected by a vulnerability allowing …
Read More

Critical Vulnerability In Profile Builder Plugin Allowed Site Takeover

Description: Unauthenticated Administrator Registration Affected Plugin: Profile Builder (Free, Pro, and Hobbyist versions affected) Affected Versions: <= 3.1.0 CVSS Score: 10.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Patched Version: 3.1.1 Earlier this week, a critical vulnerability was patched in the Profile Builder plugin for WordPress. This vulnerability affected the free version available on the WordPress.org repository, as …
Read More

WP-VCD Evolves To Remain Most Prevalent WordPress Infection

Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory. In this paper we examined the campaign from a number of angles, such as the behavior of the malware itself, its method of distribution, and its evolution over time. The presence of threats …
Read More

WP-VCD: The Malware You Installed On Your Own Site

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the …
Read More

Open Redirect Vulnerability Patched In Bridge Theme

Description: Open Redirect CVSS v3.0 Score: 7.1 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter Feed Plugin Slugs: qode-instagram-widget, qode-twitter-feed Affected Versions: Bridge Theme: 18.2 / Plugins: 2.0 (Twitter plugin) 2.0.1 (Instagram plugin) Patched Version: Bridge Theme: 18.2.1 / Plugins: 2.0.1 (Twitter …
Read More

Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild

Description: XSS Via Unauthenticated Plugin Options Update Affected Plugin: Rich Reviews Affected Versions: <= 1.7.4 CVSS Score: 8.3 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin …
Read More

Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins

In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject …
Read More