Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Research

Wordfence Blog

2 Million Users Affected by Vulnerability in All in One SEO Pack

This entry was posted in Research, Vulnerabilities, WordPress Security on July 16, 2020 by Chloe Chamberland   0 Replies

On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all …

XSS Flaw Impacting 100,000 Sites Patched in KingComposer

This entry was posted in Research, Vulnerabilities, WordPress Security on July 09, 2020 by Ram Gall   2 Replies

On June 15, 2020, our Threat Intelligence team was made aware of a number of access control vulnerabilities that had recently been disclosed in KingComposer, a WordPress plugin installed on over 100,000 sites. During our investigation of these vulnerabilities, we discovered an unpatched reflected Cross-Site Scripting (XSS) vulnerability. Wordfence Premium customers received a new firewall rule …

Critical Vulnerabilities Patched in Adning Advertising Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on July 08, 2020 by Ram Gall   3 Replies

On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers. We eventually discovered 2 vulnerabilities, one of which was a critical vulnerability that allowed an unauthenticated attacker to upload arbitrary files, leading to Remote Code Execution (RCE), which could …

Large Scale Attack Campaign Targets Database Credentials

This entry was posted in General Security, Research, WordPress Security on June 03, 2020 by Ram Gall   24 Replies

Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of …

High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on May 28, 2020 by Chloe Chamberland   0 Replies

A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 sites. The plugin is from the same creators as wpCentral, a plugin within which we recently discovered a privilege escalation vulnerability. One flaw allowed any …

The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on May 19, 2020 by Chloe Chamberland   4 Replies

On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons for Elementor, a WordPress plugin installed on approximately 110,000 sites. We immediately released a firewall …

Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access

This entry was posted in Research, Vulnerabilities, WordPress Security on May 13, 2020 by Chloe Chamberland   0 Replies

On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. We filed a security issue report …

High Severity Vulnerability Patched in Ninja Forms

This entry was posted in Research, Vulnerabilities, WordPress Security on April 29, 2020 by Ram Gall   3 Replies

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version. We …

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on April 27, 2020 by Chloe Chamberland   0 Replies

On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in …

Multiple Attack Campaigns Targeting Recent Plugin Vulnerabilities

This entry was posted in Research, WordPress Security on February 24, 2020 by Mikey Veenstra   5 Replies

As part of our ongoing research efforts, the Wordfence Threat Intelligence team continually monitors our network for noteworthy threats facing WordPress. Recently, we’ve been tracking malicious activity targeting several vulnerabilities recently patched in popular plugins. In today’s post, we’ll provide details of our research into two active campaigns. We’ll also share some common indicators of …
