Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Vulnerabilities

WordPress 4.7.3 Security Release – Upgrade ASAP

This entry was posted in Vulnerabilities, WordPress Security on March 6, 2017 by Mark Maunder   5 Replies

WordPress 4.7.3 has just been released. It is the third in a series of recent security releases for WordPress core.

Rapid Growth in Defacements, Who was Hit, Who is Attacking

This entry was posted in General Security, Vulnerabilities, Wordfence, WordPress Security on February 10, 2017 by Mark Maunder   22 Replies

Yesterday we published numbers indicating how widespread the defacement campaign targeting the REST-API vulnerability recently fixed in WordPress 4.7.2 is. If you have not already updated to 4.7.2 on all sites you operate, do so immediately. If you are using Wordfence Premium, you are already protected.

A Feeding Frenzy to Deface WordPress Sites

This entry was posted in General Security, Research, Vulnerabilities, WordPress Security on February 9, 2017 by Mark Maunder   47 Replies

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking.

WordPress 4.7.1 Security Release with PHPMailer Fix

This entry was posted in Vulnerabilities, WordPress Security on January 13, 2017 by Mark Maunder   7 Replies

WordPress 4.7.1 was released on Wednesday. It contains 8 security fixes including a fix for the PHPMailer issue, which we reported on in late December.

Critical Vulnerability in PHPMailer. Affects WP Core.

This entry was posted in General Security, Vulnerabilities, WordPress Security on December 26, 2016 by Mark Maunder   68 Replies

A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski. The vulnerability was announced on legalhackers.com yesterday, but proof-of-concept exploit details were not included.

Avoid Malware Scanners That Use Insecure Hashing

This entry was posted in General Security, Learning, Vulnerabilities, Wordfence, WordPress Security on December 6, 2016 by Mark Maunder   37 Replies

In this post I'm going to discuss a major problem that exists with several WordPress malware scanners: the use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue.

Top 50 Most Attacked WordPress Plugins This Week

This entry was posted in Research, Vulnerabilities, Wordfence, WordPress Security on August 17, 2016 by Mark Maunder   56 Replies

Last week we shared the top 20 most attacked WordPress themes and an explanation of why many of them are targeted. This week we've dug deep into the data and we are publishing the top 50 most attacked WordPress plugins during the past 7 days.

This Week’s Top 20 Attacked Themes and Who is Attacking Them

This entry was posted in Research, Vulnerabilities, Wordfence, WordPress Security on August 9, 2016 by Mark Maunder   41 Replies

Today we're publishing statistics on the attacks we are seeing on themes across the WordPress ecosystem. The Wordfence Firewall provides us with attack telemetry across a large number of sites that we protect. The data we're sharing today is based on the following high-level metrics: ...

Profile of a Russian Attack IP

This entry was posted in Research, Vulnerabilities, Wordfence, WordPress Security on August 3, 2016 by Mark Maunder   71 Replies

At Wordfence we track attacks across all our customer sites, both free and paid, to learn more about attacker tactics, techniques and procedures (TTPs). Mining this data helps us improve Wordfence Firewall, Wordfence's Scan and our other features, and do a better job of keeping you safe.

Vulnerability Roundup for Thursday July 28th

This entry was posted in Vulnerabilities, WordPress Security on July 28, 2016 by Mark Maunder   12 Replies

This is a roundup of recent vulnerabilities in WordPress plugins that you should be aware of.
