Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Ram Gall

Wordfence Blog

Episode 104: Cryptography Demystified

This entry was posted in Podcasts on February 12, 2021 by Ram Gall   0 Replies

This week, the Wordfence team discusses cryptography in depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including 2 new findings by the Wordfence Threat Intelligence team, a new milestone for WordPress, and a recent attack on a Florida town’s water supply. Here are timestamps and …
Read More

Severe Vulnerabilities Patched in NextGen Gallery Affect over 800,000 WordPress Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on February 08, 2021 by Ram Gall   4 Replies

On December 14, 2020, the Wordfence Threat Intelligence team finished researching two Cross-Site Request Forgery (CSRF) vulnerabilities in NextGen Gallery, a WordPress plugin with over 800,000 installations, including a critical severity vulnerability that could lead to Remote Code Execution (RCE) and Stored Cross-Site Scripting (XSS). Exploitation of these vulnerabilities could lead to a site takeover, malicious redirects, …
Read More

The Wordfence 2020 WordPress Threat Report

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 27, 2021 by Ram Gall   4 Replies

Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples gathered by our Site Cleaning team. Attacks on WordPress can be categorized in three …
Read More

Episode 101: Supporting Remote Students with Free Site Audits & Cleanings

This entry was posted in Podcasts on January 22, 2021 by Ram Gall   0 Replies

Wordfence announces a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we’re offering this program and how to help schools take advantage of it. We also talk about the growing prevalence of WordPress as a content management system and how the incoming administration …
Read More

Uncovering Potential Issues with the Contact Form 7 Vulnerability: More Data Needed

This entry was posted in Vulnerabilities, WordPress Security on January 18, 2021 by Ram Gall   11 Replies

Update: The Proof of Concept posted on exploit-db has been removed since the publication of this article. We have updated the link to point to an archived copy. On December 17, 2020, the Astra research security team disclosed that they had discovered a critical severity Unrestricted File Upload vulnerability in Contact Form 7, the most …
Read More

SolarWinds and Supply Chain Attacks: Could it happen to WordPress?

This entry was posted in General Security, WordPress Security on December 23, 2020 by Ram Gall   2 Replies

The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations. The security firm FireEye was the first victim of the attack, disclosing that they had been hacked on December 8, 2020. On December 13th the US Treasury Department announced that it had also been compromised. At …
Read More

A Challenging Exploit: The Contact Form 7 File Upload Vulnerability

This entry was posted in Vulnerabilities, WordPress Security on December 17, 2020 by Ram Gall   1 Reply

Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower. The WordPress plugin directory lists 5+ million sites using Contact Form 7, but we estimate that it has at least 10 million installations. One of the important features of …
Read More

The NoneNone Brute Force Attacks: Even Hackers Need QA

This entry was posted in Research, WordPress Security on December 17, 2020 by Ram Gall   33 Replies

For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. These attacks attempt to guess the password of an authorized user on a site, and some of …
Read More

Episode 98: How Application Passwords Work in WordPress 5.6

This entry was posted in Podcasts on December 11, 2020 by Ram Gall   0 Replies

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version 7.4.14. We also talk about a new Magecart attack that places card …
Read More

Reflected XSS in PageLayer Plugin Affects Over 200,000 WordPress Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on December 10, 2020 by Ram Gall   2 Replies

On November 4, 2020, the Wordfence Threat Intelligence team found two reflected Cross-Site Scripting (XSS) vulnerabilities in PageLayer, a WordPress plugin installed on over 200,000 sites. These vulnerabilities could lead to an attacker executing malicious JavaScript in an administrator’s browser, which could lead to takeover of a vulnerable WordPress site. We contacted the plugin’s publisher, …
Read More
