Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Research

Wordfence Blog

Unauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on January 19, 2022 by Chloe Chamberland   0 Replies

On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a WordPress plugin that is installed on over 20,000 sites. This flaw made it possible for an unauthenticated attacker to inject malicious JavaScript that would execute whenever …

84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability

This entry was posted in Research, Vulnerabilities, WordPress Security on January 13, 2022 by Chloe Chamberland   2 Replies

On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two additional plugins developed by the same author: “Side Cart Woocommerce (Ajax)”, …

1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

This entry was posted in Research, Vulnerabilities, WordPress Security on December 09, 2021 by Chloe Chamberland   17 Replies

Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an active attack targeting over a million WordPress sites. Over the past 36 hours, the Wordfence network …

Authentication Bypass Vulnerability Patched in User Registration Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on December 08, 2021 by Marco Wotschka   3 Replies

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “RegistrationMagic – Custom Registration Forms, User Registration and User Login”, a WordPress plugin …

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

This entry was posted in Research, Vulnerabilities, WordPress Security on December 01, 2021 by Chloe Chamberland   6 Replies

On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation Swatches for WooCommerce”, a WordPress plugin that is installed on over 80,000 …

AWS Attacks Targeting WordPress Increase 5X

This entry was posted in Research, WordPress Security on November 24, 2021 by Ram Gall   4 Replies

The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled. We’ve seen a global increase in attacks against WordPress sites during the past week, and more than a quarter of all …

WooCommerce Extension – Reflected XSS Vulnerability

This entry was posted in Research, Vulnerabilities, WordPress Security on November 17, 2021 by Chloe Chamberland   2 Replies

On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Preview E-mails for WooCommerce”, a WordPress plugin that is an extension for WooCommerce, …

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on November 11, 2021 by Ram Gall   7 Replies

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder Templates”, but we are referring to it in this post as …

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

This entry was posted in Research, Vulnerabilities, WordPress Security on November 02, 2021 by Ram Gall   0 Replies

On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools (GDPR), a WordPress plugin with over 30,000 installations. We were investigating …

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on October 28, 2021 by Ram Gall   0 Replies

On August 19, 2021, the Wordfence Threat Intelligence team began the disclosure process for a reflected Cross-Site Scripting (XSS) vulnerability we found in NextScripts: Social Networks Auto-Poster, a WordPress plugin with over 100,000 installations. …
