Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Research

Wordfence Blog

Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins

This entry was posted in Research, WordPress Security on August 30, 2019 by Mikey Veenstra   10 Replies

In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject …
Read More

Malicious WordPress Redirect Campaign Attacking Several Plugins

This entry was posted in Research, WordPress Security on August 23, 2019 by Mikey Veenstra   24 Replies

Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations. Each of the vulnerabilities targeted by this campaign have been public for …
Read More

Recent WordPress Vulnerabilities Targeted by Malvertising Campaign

This entry was posted in Research, WordPress Security on July 22, 2019 by Mikey Veenstra   7 Replies

The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads. This type of campaign is far from novel, but these attacks drew our attention. By targeting a few …
Read More

Critical Vulnerability Patched in Ad Inserter Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on July 15, 2019 by Sean Murphy   3 Replies

Description: Authenticated Remote Code Execution Affected Plugin: Ad Inserter Affected Versions: <= 2.4.21 CVSS Score: 9.9 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP …
Read More

Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses

This entry was posted in Research, Vulnerabilities on April 02, 2019 by Mikey Veenstra   25 Replies

In last week’s post, we reported on some concerning code identified in the Pipdig Power Pack (P3) plugin. The plugin, which is installed alongside WordPress themes sold by Pipdig, was found to contain a number of suspicious or malicious features. Among these features were a remote “killswitch” Pipdig could use to destroy sites, an obfuscated …
Read More

Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin

This entry was posted in Research, WordPress Security on March 29, 2019 by Mikey Veenstra   36 Replies

This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin’s developer can grant themselves administrative access to sites using the plugin, or even delete affected …
Read More

Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on March 20, 2019 by Mikey Veenstra   26 Replies

Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should …
Read More

XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers

This entry was posted in Research, Vulnerabilities, WordPress Security on March 11, 2019 by Mikey Veenstra   6 Replies

Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce. The plugin, which we’ll be referring to by its slug woocommerce-abandoned-cart, allows the owners of WooCommerce sites to track abandoned shopping carts in order to recover those sales. A lack of sanitation on …
Read More

Vulnerabilities Patched in WP Cost Estimation Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on February 13, 2019 by Mikey Veenstra   2 Replies

At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short. These flaws were found and patched by the developer a few months ago, but no official public disclosure was made at the time. Following …
Read More

WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on January 25, 2019 by Mikey Veenstra   6 Replies

The Wordfence Threat Intelligence team recently identified multiple critical vulnerabilities in the commercial Total Donations plugin for WordPress. These vulnerabilities, present in all known versions of the plugin up to and including 2.0.5, are being exploited by malicious actors to gain administrative access to affected WordPress sites. We have reserved CVE-2019-6703 to track and reference these vulnerabilities …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates