Category Archive: WordPress Security
This entry was posted in WordPress Security on November 23, 2020 by Ram Gall 14 Replies
PHP 8.0 is set to be released on November 26, 2020. As the programming language powering WordPress sites, PHP’s latest version offers new features that developers will find useful and improvements that promise to greatly enhance security and performance in the long run. It also fully removes a number of previously deprecated functions. PHP 8 …
Read More
This entry was posted in Wordfence, WordPress Security on November 19, 2020 by Kathy Zant 0 Replies
Today, we’re pleased to announce that all customers of Wordfence site cleaning services receive an 1-year clean site guarantee. If your site is compromised again after our team has cleaned and secured your WordPress site, we’ll clean it again for free. Additionally, we’re expanding our Security Services Team coverage to 24/7 effective immediately. The Wordfence …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on November 17, 2020 by Ram Gall 6 Replies
On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites. So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on November 09, 2020 by Chloe Chamberland 4 Replies
On October 23, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites. These flaws made it possible for attackers to escalate their privileges to those of an administrator and take over a WordPress site. We initially reached out to the plugin’s developer on October …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on November 05, 2020 by Ram Gall 2 Replies
On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan. After we finished our investigation, we contacted the plugin’s publisher, Collne Inc. on October 9, 2020. Full disclosure was sent on October 12, 2020, …
Read More
This entry was posted in WordPress Security on November 02, 2020 by Chloe Chamberland 0 Replies
On Thursday, October 29, the WordPress core team released WordPress version 5.5.2. This was a minor release containing bug fixes and security enhancements to the core WordPress content management system powering over one-third of the internet. There was a subsequent 5.5.3 release one day later; you can read about the emergency WP 5.5.3 release here. …
Read More
This entry was posted in WordPress Security on October 30, 2020 by Matt Barry 26 Replies
The WordPress core team has released an emergency release of WordPress 5.5.3, just one day after the release of version 5.5.2. This emergency release was done to remedy an issue introduced in WordPress 5.5.2 making it impossible to install WordPress on a brand new website without a database connection configured. In preparing for this emergency …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on October 14, 2020 by Chloe Chamberland 0 Replies
On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites. This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on October 07, 2020 by Chloe Chamberland 22 Replies
On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts. We initially reached out to the plugin’s team on July 28, 2020 through their support …
Read More
This entry was posted in Research, Vulnerabilities, WordPress Security on October 05, 2020 by Ram Gall 0 Replies
On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with over 60,000 installations. While investigating one of these vulnerabilities, we discovered that almost identical vulnerabilities were also present in Team Showcase, a separate plugin by the same author with over 6,000 installations. We initially reached …
Read More
Protect your websites with the #1 WordPress Security Plugin
Get Premium
Over 150 million downloads