This site uses cookies in accordance with our Privacy Policy.
Description: Authentication Bypass Affected Plugin: InfiniteWP Client Affected Versions: < 1.9.4.5 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.9.4.5 A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a site owner to manage unlimited WordPress …
Read More
A few weeks ago, our threat intelligence team discovered several vulnerabilities present in Minimal Coming Soon & Maintenance Mode – Coming Soon Page, a WordPress plugin installed on over 80,000 websites. The most severe weakness allowed for an attacker to exploit Cross Site Request Forgery (CSRF) and enable maintenance mode while injecting cross-site scripting (XSS), …
Read More
A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim patches just a few days after our initial disclosure. The plugin team also worked with …
Read More
How to navigate and use your Wordfence account.
The Settings page allows you to configure alert settings for sites connected to Central, and allows you to receive alerts via Email, SMS, or Slack.
Enabling two-factor authentication, or 2FA, is one of the most important steps you can take to prevent account compromise.
The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts. Between Wordfence’s brute force protection and the premium real-time …
Read More
Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement: There has been some misinformation making the rounds, so to clarify, there has been no security breach for user accounts at WordPress.com. But if someone else has your WordPress.com account credentials, they could log in and modify …
Read More
Privacy Policy and Notice at Collection Effective: January 30, 2024 Defiant, Inc. (“Defiant,” “the Company.” “we,” “us,” or “our”) is committed to privacy and data protection. This Privacy Policy applies to personal information Defiant collects from you, through our interactions with you, through www.defiant.com , www.wordfence.com, websites under the control of Defiant (collectively “Sites”), and the…
Email alerts quickly inform you of security related events on your site.