Chloe Chamberland, Author at Wordfence

Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin

This entry was posted in Vulnerabilities, WordPress Security on January 16, 2020 by Chloe Chamberland 1 Reply

On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, …
Read More

Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin

This entry was posted in Vulnerabilities, WordPress Security on January 08, 2020 by Chloe Chamberland 5 Replies

A few weeks ago, our threat intelligence team discovered several vulnerabilities present in Minimal Coming Soon & Maintenance Mode – Coming Soon Page, a WordPress plugin installed on over 80,000 websites. The most severe weakness allowed for an attacker to exploit Cross Site Request Forgery (CSRF) and enable maintenance mode while injecting cross-site scripting (XSS), …
Read More

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager

This entry was posted in Vulnerabilities, WordPress Security on December 19, 2019 by Chloe Chamberland 3 Replies

Description: Authenticated Arbitrary Redirect Injection and Modification Affected Plugin: 301 Redirects – Easy Redirect Manager CVSS Score: 9.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE ID: CVE-2019-19915 Affected Versions: <= 2.40 Patched Version: 2.45 On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in 301 Redirects – Easy Redirect Manager, a WordPress plugin installed on …
Read More

High Severity Vulnerability Patched in WP Maintenance Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 19, 2019 by Chloe Chamberland 4 Replies

Description: Cross-Site Request Forgery to Stored Cross-Site Scripting CVE ID: CVE-2019-19979 CVSS v3.0 Score: 8.8 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H Affected Plugin: WP Maintenance Plugin Slug: wp-maintenance Affected Versions: <= 5.0.5 Patched Version: 5.0.6 On November 15th, 2019, our Threat Intelligence team identified a vulnerability present in WP Maintenance, a WordPress plugin with approximately 30,000+ active installs. …
Read More

Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 13, 2019 by Chloe Chamberland 0 Replies

A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim patches just a few days after our initial disclosure. The plugin team also worked with …
Read More

Medium Severity Vulnerability Patched in Fast Velocity Minify Plugin

This entry was posted in Vulnerabilities, WordPress Security on October 16, 2019 by Chloe Chamberland 2 Replies

Description: Full Path Disclosure CVE ID: CVE-2019-19983 CVSS v3.0 Score: 4.3 (Medium) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Plugin: Fast Velocity Minify Plugin Slug: fast-velocity-minify Affected Versions: <= 2.7.6 Patched Version: 2.7.7 A few days ago, our Threat Intelligence team identified a vulnerability present in Fast Velocity Minify, a WordPress plugin with approximately 80,000+ active installs. …
Read More

Authentication Bypass Vulnerability in GiveWP Plugin

This entry was posted in Vulnerabilities, WordPress Security on September 26, 2019 by Chloe Chamberland 0 Replies

Description: Authentication Bypass with Information Disclosure CVSS v3.0 Score: 7.5 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Plugin: GiveWP Plugin Slug: give Affected Versions: <= 2.5.4 Patched Version: 2.5.5 A few weeks ago, our Threat Intelligence team discovered a vulnerability present in GiveWP, a WordPress plugin installed on over 70,000 websites. The weakness allowed unauthenticated users to bypass …
Read More

Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin

Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager

High Severity Vulnerability Patched in WP Maintenance Plugin

Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

Medium Severity Vulnerability Patched in Fast Velocity Minify Plugin

Authentication Bypass Vulnerability in GiveWP Plugin

Follow Us

Categories

Recent Posts

Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin

Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager

High Severity Vulnerability Patched in WP Maintenance Plugin

Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

Medium Severity Vulnerability Patched in Fast Velocity Minify Plugin

Authentication Bypass Vulnerability in GiveWP Plugin

Follow Us

Categories

Recent Posts

Wordfence Newsletter