This entry was posted in Research, Vulnerabilities, WordPress Security on September 17, 2020 by Ram Gall 1 Reply
On August 20, 2020, the Wordfence Threat Intelligence team was made aware of several vulnerabilities that had been patched in Discount Rules for WooCommerce, a WordPress plugin installed on over 40,000 sites. We released a firewall rule to protect against these vulnerabilities the same day. During our investigation, we also discovered a separate set of …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on September 16, 2020 by Chloe Chamberland 6 Replies
Yesterday, September 15, 2020, the Wordfence Live team covered The Hacker Motive: What Attackers Are Doing with Your Hacked Site. This companion blog post reviews the motives we discussed live during Wordfence Live and dives deeper into the minds of attackers. You can watch the video of Wordfence Live below. Timestamps You can click on …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on September 10, 2020 by Ram Gall 5 Replies
Last week, we covered a vulnerability in the File Manager plugin installed on over 700,000 WordPress sites. By Friday, September 4, 2020, we recorded attacks on over 1.7 million sites, and by today, September 10, 2020 the total number of sites attacked has increased to over 2.6 million. We’ve seen evidence of multiple threat actors …
Read More
This entry was posted in Vulnerabilities, WordPress Security on September 04, 2020 by Ram Gall 13 Replies
The Wordfence Threat Intelligence team is seeing a dramatic increase in attacks targeting the recent 0-day in the WordPress File Manager plugin. This plugin is installed on over 700,000 WordPress websites, and we estimate that 37.4% or 261,800 websites are still running vulnerable versions of this plugin at the time of this publication. Attacks are …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on September 01, 2020 by Chloe Chamberland 16 Replies
This morning, on September 1, 2020, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in File Manager, a WordPress plugin with over 700,000 active installations. This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site. A patch was released this morning …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on August 20, 2020 by Ram Gall 2 Replies
On August 13, 2020, the Wordfence Threat Intelligence team finished investigating two vulnerabilities in Advanced Access Manager, a WordPress plugin with over 100,000 installations, including a high-severity Authorization Bypass vulnerability that could lead to privilege escalation and site takeover. We reached out to the plugin’s author the next day, on August 14, 2020, and received …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on August 19, 2020 by Chloe Chamberland 15 Replies
Yesterday, August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. You can watch the video of Wordfence Live below. Timestamps You can click on these timestamps to jump around …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on August 13, 2020 by Chloe Chamberland 1 Reply
On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file which could …
Read More
This entry was posted in WordPress Security on August 06, 2020 by Matt Barry 35 Replies
A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020. In this core release of the world’s most popular content management system, site owners will have the option to turn auto-updates on for individual plugins and …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on August 04, 2020 by Chloe Chamberland 0 Replies
On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors …
Read More
