Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

One Attacker Outpaces All Others

This entry was posted in Vulnerabilities, WordPress Security on May 13, 2020 by Ram Gall   32 Replies

Starting April 28th, we saw a 30 times increase in cross-site scripting attack volume, originating from a single attacker, and targeting over a million WordPress sites. We published research detailing the threat actor and attack volume increase on May 5th. By the time we published, the attack volume had dropped back down to baseline …

Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on May 11, 2020 by Chloe Chamberland   5 Replies

On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to …

Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk

This entry was posted in Vulnerabilities, WordPress Security on May 06, 2020 by Chloe Chamberland   63 Replies

On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As this is an active attack, we wanted to alert you so that you can take …

28,000 GoDaddy Hosting Accounts Compromised

This entry was posted in WordPress Security on May 05, 2020 by Chloe Chamberland   29 Replies

This is a public service announcement (PSA) from the Wordfence team regarding a security issue which may impact some of our customers. On May 4, 2020, GoDaddy, one of the world’s largest website hosting providers, disclosed that the SSH credentials of approximately 28,000 GoDaddy hosting accounts were compromised by an unauthorized attacker. SSH, while extremely …

Nearly a Million WP Sites Targeted in Large-Scale Attacks

This entry was posted in General Security, WordPress Security on May 05, 2020 by Ram Gall   23 Replies

Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat …

Episode 75: The WordPress 5.4.1 Security Release & More Plugin Vulnerabilities

This entry was posted in Podcasts on May 02, 2020 by Kathy Zant   0 Replies

The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected over one million WordPress sites. As a few of these were Cross-Site Request Forgery …

Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update

This entry was posted in Vulnerabilities, WordPress Security on April 29, 2020 by Ram Gall   0 Replies

WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that appear to require specific circumstances to exploit. All in all this release contains 7 …

High Severity Vulnerability Patched in Ninja Forms

This entry was posted in Research, Vulnerabilities, WordPress Security on April 29, 2020 by Ram Gall   3 Replies

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version. We …

High-Severity Vulnerabilities Patched in LearnPress

This entry was posted in Vulnerabilities, WordPress Security on April 28, 2020 by Ram Gall   3 Replies

On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing …

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on April 27, 2020 by Chloe Chamberland   0 Replies

On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in …
