This entry was posted in Research, Vulnerabilities, WordPress Security on December 01, 2021 by Chloe Chamberland 5 Replies
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation Swatches for WooCommerce”, a WordPress plugin that is installed on over 80,000 …
Read More
This entry was posted in Research, WordPress Security on November 24, 2021 by Ram Gall 4 Replies
The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled. We’ve seen a global increase in attacks against WordPress sites during the past week, and more than a quarter of all …
Read More
This entry was posted in General Security, PSA, WordPress Security on November 23, 2021 by Ram Gall 9 Replies
Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include: tsoHost Media Temple 123Reg Domain Factory Heart Internet Host Europe According to Dan Rice, VP of Corporate Communications at GoDaddy, “The GoDaddy brands …
Read More
This entry was posted in General Security, PSA, WordPress Security on November 22, 2021 by Mark Maunder 38 Replies
There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on November 17, 2021 by Chloe Chamberland 2 Replies
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Preview E-mails for WooCommerce”, a WordPress plugin that is an extension for WooCommerce, …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on November 11, 2021 by Ram Gall 7 Replies
On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder Templates”, but we are referring to it in this post as …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on November 02, 2021 by Ram Gall 0 Replies
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools (GDPR), a WordPress plugin with over 30,000 installations. We were investigating …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on October 28, 2021 by Ram Gall 0 Replies
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team began the disclosure process for a reflected Cross-Site Scripting(XSS) vulnerability we found in NextScripts: Social Networks Auto-Poster, a WordPress plugin with over 100,000 installations. …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on October 27, 2021 by Chloe Chamberland 2 Replies
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities we discovered in OptinMonster, a WordPress plugin installed on over 1,000,000 sites. These flaws made it …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on October 26, 2021 by Ram Gall 6 Replies
Update: a previous version of this article incorrectly indicated that this vulnerability could be used for site takeover, we have updated this for accuracy, as the impact is instead complete loss of site content. Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing …
Read More
