Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Research

Wordfence Blog

Multiple Attack Campaigns Targeting Recent Plugin Vulnerabilities

This entry was posted in Research, WordPress Security on February 24, 2020 by Mikey Veenstra   5 Replies

As part of our ongoing research efforts, the Wordfence Threat Intelligence team continually monitors our network for noteworthy threats facing WordPress. Recently, we’ve been tracking malicious activity targeting several vulnerabilities recently patched in popular plugins. In today’s post, we’ll provide details of our research into two active campaigns. We’ll also share some common indicators of …
Read More

WP-VCD Evolves To Remain Most Prevalent WordPress Infection

This entry was posted in Research, WordPress Security on December 17, 2019 by Mikey Veenstra   2 Replies

Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory. In this paper we examined the campaign from a number of angles, such as the behavior of the malware itself, its method of distribution, and its evolution over time. The presence of threats …
Read More

WP-VCD: The Malware You Installed On Your Own Site

This entry was posted in Research, WordPress Security on November 04, 2019 by Mikey Veenstra   9 Replies

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the …
Read More

Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins

This entry was posted in Research, WordPress Security on August 30, 2019 by Mikey Veenstra   10 Replies

In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject …
Read More

Malicious WordPress Redirect Campaign Attacking Several Plugins

This entry was posted in Research, WordPress Security on August 23, 2019 by Mikey Veenstra   24 Replies

Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations. Each of the vulnerabilities targeted by this campaign have been public for …
Read More

Recent WordPress Vulnerabilities Targeted by Malvertising Campaign

This entry was posted in Research, WordPress Security on July 22, 2019 by Mikey Veenstra   7 Replies

The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads. This type of campaign is far from novel, but these attacks drew our attention. By targeting a few …
Read More

Critical Vulnerability Patched in Ad Inserter Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on July 15, 2019 by Sean Murphy   3 Replies

Description: Authenticated Remote Code Execution Affected Plugin: Ad Inserter Affected Versions: <= 2.4.21 CVSS Score: 9.9 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP …
Read More

Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses

This entry was posted in Research, Vulnerabilities on April 02, 2019 by Mikey Veenstra   25 Replies

In last week’s post, we reported on some concerning code identified in the Pipdig Power Pack (P3) plugin. The plugin, which is installed alongside WordPress themes sold by Pipdig, was found to contain a number of suspicious or malicious features. Among these features were a remote “killswitch” Pipdig could use to destroy sites, an obfuscated …
Read More

Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin

This entry was posted in Research, WordPress Security on March 29, 2019 by Mikey Veenstra   36 Replies

This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin’s developer can grant themselves administrative access to sites using the plugin, or even delete affected …
Read More

Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on March 20, 2019 by Mikey Veenstra   26 Replies

Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should …
Read More

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 150 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates