On this week’s Think Like a Hacker podcast, we cover an active attack campaign targeting WordPress sites and numerous plugin vulnerabilities. This active attack campaign has been ongoing and has outpaced all other attacks on WordPress vulnerabilities. Our threat intelligence team has been tracking this attacker for months now, and we’re seeing these attacks intensifying. We also look at vulnerabilities found in Google’s Site Kit plugin and the Page Builder by SiteOrigin, and why it’s so important for plugin developers to have a Responsible Disclosure Policy published in an easy to find location on their site.
We also look at how a combination of two vulnerabilities were used in a zero-day active attack on sites running Elementor Pro and the Ultimate Addons for Elementor plugin.
We also look at some new updates to Fast or Slow, the new global site speed profiling tool created by the Wordfence engineering team, and the impromptu hard launch the site experienced when it rose to the #1 position on Hacker News on May 8, 2020.
May has been a rather busy month in WordPress security and for the Wordfence team. Enjoy the podcast, and stay safe.