Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Vulnerabilities

WordPress 4.7.1 Security Release with PHPMailer Fix

This entry was posted in Vulnerabilities, WordPress Security on January 13, 2017 by Mark Maunder   6 Replies   

WordPress 4.7.1 was released on Wednesday. It contains 8 security fixes including a fix for the PHPMailer issue, which we reported on in late December.

Critical Vulnerability in PHPMailer. Affects WP Core.

This entry was posted in General Security, Vulnerabilities, WordPress Security on December 26, 2016 by Mark Maunder   68 Replies   

A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski. The vulnerability was announced on legalhackers.com yesterday, but proof-of-concept exploit details were not included.

Avoid Malware Scanners That Use Insecure Hashing

This entry was posted in General Security, Learning, Vulnerabilities, Wordfence, WordPress Security on December 6, 2016 by Mark Maunder   37 Replies   

In this post I'm going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue.

Top 50 Most Attacked WordPress Plugins This Week

This entry was posted in Research, Vulnerabilities, Wordfence, WordPress Security on August 17, 2016 by Mark Maunder   56 Replies   

Last week we shared the top 20 most attacked WordPress themes and an explanation of why many of them are targeted. This week we've dug deep into the data and we are publishing the top 50 most attacked WordPress plugins during the past 7 days.

This Week’s Top 20 Attacked Themes and Who is Attacking Them

This entry was posted in Research, Vulnerabilities, Wordfence, WordPress Security on August 9, 2016 by Mark Maunder   41 Replies   

Today we're publishing statistics on the attacks we are seeing on themes across the WordPress ecosystem. The Wordfence Firewall provides us with attack telemetry across a large number of sites that we protect. The data we're sharing today is based on the following high-level metrics:...

Profile of a Russian Attack IP

This entry was posted in Research, Vulnerabilities, Wordfence, WordPress Security on August 3, 2016 by Mark Maunder   71 Replies   

At Wordfence we track attacks across all our customer sites, both free and paid, to learn more about attacker tactics, techniques and procedures (TTPs). Mining this data helps us improve Wordfence Firewall, Wordfence's Scan and our other features, and do a better job of keeping you safe.

Vulnerability Roundup for Thursday July 28th

This entry was posted in Vulnerabilities, WordPress Security on July 28, 2016 by Mark Maunder   12 Replies   

This is a roundup of recent vulnerabilities in WordPress plugins that you should be aware of.

Vulnerability in Easy Forms for MailChimp 6.1.2 and older

This entry was posted in Vulnerabilities, WordPress Security on July 28, 2016 by Dan Moen   1 Reply   

Panagiotis Vagenas, a Wordfence Security Researcher, has discovered a reflected cross-site scripting vulnerability in the Easy Forms for MailChimp plugin for WordPress. There are over 40,000 active installations according to wordpress.org. We shared the details of the vulnerability with the author on Monday and they released version 6.1.3 on Tuesday, which includes a fix for the vulnerability.

New Vulnerability in All in One SEO Pack Plugin 2.3.7 and earlier

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 13, 2016 by Dan Moen   13 Replies   

Yesterday morning Panagiotis Vagenas, a Wordfence Security Researcher, discovered a new vulnerability in the All in One SEO Pack WordPress plugin. This is in addition to another serious vulnerability we wrote about yesterday morning in the same plugin.

Serious Vulnerability in All in One SEO Pack Plugin 2.3.6.1 and earlier

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 12, 2016 by Mark Maunder   9 Replies   

There is a serious stored cross-site scripting (XSS) vulnerability in All in One SEO Pack Plugin versions 2.3.6.1 and older. This plugin is installed on over 1 million active websites and is extremely popular and widely used.
