Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Mikey Veenstra

Wordfence Blog

Coupon Creation Vulnerability Patched In WooCommerce Smart Coupons

This entry was posted in Vulnerabilities, WordPress Security on March 04, 2020 by Mikey Veenstra   0 Replies

Description: Unauthenticated Coupon Creation
Affected Plugin: WooCommerce Smart Coupons
Affected Plugin Slug: woocommerce-smart-coupons
Affected Versions: <= 4.6.0
CVSS Score: 5.3 (Medium)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Patched Version: 4.6.5

Late last month a patch was released for WooCommerce Smart Coupons, a commercial WooCommerce plugin that helps store managers handle coupons and gift certificates. In vulnerable versions of the …

Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities

This entry was posted in Vulnerabilities, WordPress Security on February 27, 2020 by Mikey Veenstra   3 Replies

Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin’s settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this …

Multiple Attack Campaigns Targeting Recent Plugin Vulnerabilities

This entry was posted in Research, WordPress Security on February 24, 2020 by Mikey Veenstra   5 Replies

As part of our ongoing research efforts, the Wordfence Threat Intelligence team continually monitors our network for noteworthy threats facing WordPress. Recently, we’ve been tracking malicious activity targeting several vulnerabilities recently patched in popular plugins. In today’s post, we’ll provide details of our research into two active campaigns. We’ll also share some common indicators of …

Active Attack on Recently Patched Duplicator Plugin Vulnerability Affects Over 1 Million Sites

This entry was posted in Vulnerabilities, WordPress Security on February 19, 2020 by Mikey Veenstra   8 Replies

Description: Unauthenticated Arbitrary File Download
Affected Plugin: Duplicator
Affected Versions: <= 1.3.26
CVSS Score: 7.5 (High)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Patched Version: 1.3.28

A critical security update was recently issued for Duplicator, one of the most popular plugins in the WordPress ecosystem. Over a million WordPress sites were affected by a vulnerability allowing attackers to download …

Critical Vulnerability In Profile Builder Plugin Allowed Site Takeover

This entry was posted in Vulnerabilities, WordPress Security on February 13, 2020 by Mikey Veenstra   1 Reply

Description: Unauthenticated Administrator Registration
Affected Plugin: Profile Builder (Free, Pro, and Hobbyist versions affected)
Affected Versions: <= 3.1.0
CVSS Score: 10.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Patched Version: 3.1.1

Earlier this week, a critical vulnerability was patched in the Profile Builder plugin for WordPress. This vulnerability affected the free version available on the WordPress.org repository, as …

WP-VCD Evolves To Remain Most Prevalent WordPress Infection

This entry was posted in Research, WordPress Security on December 17, 2019 by Mikey Veenstra   2 Replies

Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory. In this paper we examined the campaign from a number of angles, such as the behavior of the malware itself, its method of distribution, and its evolution over time. The presence of threats …

WP-VCD: The Malware You Installed On Your Own Site

This entry was posted in Research, WordPress Security on November 04, 2019 by Mikey Veenstra   9 Replies

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the …

Open Redirect Vulnerability Patched In Bridge Theme

This entry was posted in Vulnerabilities, WordPress Security on October 21, 2019 by Mikey Veenstra   2 Replies

Description: Open Redirect
CVSS v3.0 Score: 7.1 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter Feed
Plugin Slugs: qode-instagram-widget, qode-twitter-feed
Affected Versions: Bridge Theme: 18.2 / Plugins: 2.0 (Twitter plugin) 2.0.1 (Instagram plugin)
Patched Version: Bridge Theme: 18.2.1 / Plugins: 2.0.1 (Twitter …

Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild

This entry was posted in Vulnerabilities, WordPress Security on September 24, 2019 by Mikey Veenstra   18 Replies

Description: XSS Via Unauthenticated Plugin Options Update
Affected Plugin: Rich Reviews
Affected Versions: <= 1.7.4
CVSS Score: 8.3 (High)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin …

Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins

This entry was posted in Research, WordPress Security on August 30, 2019 by Mikey Veenstra   10 Replies

In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject …
