Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Vulnerabilities

12.8% of Sites Have Sensitive File Disclosure Vulnerabilities

This entry was posted in Vulnerabilities, WordPress Security on October 12, 2017 by Dan Moen   5 Replies

As you probably know we launched Gravityscan this May. Gravityscan is a security scanner for any website that serves as a great complement to Wordfence. Yesterday we were analyzing aggregate scan result data from Gravityscan, and we noticed data that surprised us: 12.8% of sites we scan have at least one sensitive file visible to anyone on the internet....read more

Postman SMTP Plugin With Unpatched Vulnerability Removed From Directory

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on October 6, 2017 by Dan Moen   24 Replies

We have received a number of questions regarding the Postman SMTP plugin which was removed from the WordPress.org directory this week. According to an archived snapshot, the plugin is installed on over 100,000 websites. We assume it was removed because it contains a publicly known reflected cross-site scripting (XSS) vulnerability that has not been fixed. Both Wordfence Free and Premium users who have the firewall enabled have been protected against attempts to exploit this vulnerability from day one. In addition, we alerted all Wordfence users who have the plugin installed when it was removed from the plugin directory....read more

3 Zero-Day Plugin Vulnerabilities Being Exploited In The Wild

This entry was posted in Vulnerabilities, WordPress Security on October 2, 2017 by Brad Haas   6 Replies

As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site. Often this involves quite a bit of investigative work, and recently it led us to find 0-day exploits in three separate plugins. The exploits were elusive: a malicious file seemed to appear out of nowhere, and even sites with access logs only showed a POST request to /wp-admin/admin-ajax.php at the time the file was created. But we captured the attacks in our threat data, and our lead developer Matt Barry was able to reconstruct the exploits. We quickly pushed new WAF rules to block these exploits. Premium customers received the new rules and were protected immediately. We also notified the plugin authors; all three have published updates to fix the vulnerabilities....read more

XSS Vulnerability in WooCommerce Product Vendors Plugin

This entry was posted in Vulnerabilities, WordPress Security on August 31, 2017 by Mark Maunder   3 Replies

A reflected cross site scripting vulnerability has been reported in a premium WordPress plugin for WooCommerce known as the 'Product Vendors' plugin. This plugin is used by 28% of all online WooCommerce stores. Update: As a commenter pointed out, WooCommerce is used by 28% of all online stores, not the affected extension....read more

TrafficTrade Infection Spreading – How to Protect Yourself and Detect TrafficTrade

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on August 8, 2017 by Mark Maunder   37 Replies

We have seen a significant increase in the number of websites affected by malware we refer to as 'TrafficTrade'. This malware is a piece of javascript that an attacker drops into your website content once they have compromised it. Your visitors are then redirected to websites that install malicious browser plugins or serve up spam advertising....read more

WSO Shell: The Hack Is Coming From Inside The House!

This entry was posted in Vulnerabilities, WordPress Security on June 22, 2017 by Andie La-Rosa   12 Replies

Imagine that one day you discover that a burglar has broken into your home and attempted to make off with your big-screen TV. Fearing for your safety, you immediately contact local law enforcement, and they promptly apprehend the criminal. But to your horror, as they drag the burglar away in handcuffs, they have an additional shocking revelation: the burglar has not only been living in the basement of your home for months, entirely undetected by you, but he's also converted your basement into an elaborate base for all of his criminal operations. ...read more

WordPress 4.7.3 Security Release – Upgrade ASAP

This entry was posted in Vulnerabilities, WordPress Security on March 6, 2017 by Mark Maunder   5 Replies

WordPress 4.7.3 has just been released. It is the third in a series of recent security releases for WordPress core....read more

Rapid Growth in Defacements, Who was Hit, Who is Attacking

This entry was posted in General Security, Vulnerabilities, Wordfence, WordPress Security on February 10, 2017 by Mark Maunder   22 Replies

Yesterday we published numbers indicating how widespread the defacement campaign is targeting the REST-API vulnerability recently fixed in WordPress 4.7.2. If you have not updated to 4.7.2 already on all sites you operate, do so immediately. If you are using Wordfence Premium, you are already protected....read more

A Feeding Frenzy to Deface WordPress Sites

This entry was posted in General Security, Research, Vulnerabilities, WordPress Security on February 9, 2017 by Mark Maunder   49 Replies

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking....read more

WordPress 4.7.1 Security Release with PHPMailer Fix

This entry was posted in Vulnerabilities, WordPress Security on January 13, 2017 by Mark Maunder   7 Replies

WordPress 4.7.1 was released on Wednesday. It contains 8 security fixes including a fix for the PHPMailer issue, which we reported on in late December....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.