WordPress activity logs help site administrators better manage their WordPress websites and users, and keep them secure. Activity logs are also very helpful in a post hack scenario, to identify the source of the attack. If you are new to WordPress activity logs, this...
On February 28, 2020, the Wordfence Threat Intelligence team became aware of a newly patched stored Cross-Site Scripting (XSS) vulnerability in IMPress for IDX Broker, a WordPress plugin with over 10,000 installations. Although all Wordfence users, including those...
With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human...
The fourth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release candidate in...
A few weeks ago, we disclosed several flaws that were patched in the Pricing Table by Supsystic plugin. On January 20th, our Threat Intelligence team discovered several similar vulnerabilities present in another product from Supsystic: Data Tables Generator by...
Votre site Web WordPress redirige-t-il les utilisateurs vers des sites inconnus et non sécurisés? Si oui, votre site Web pourrait être piraté . De telles attaques de redirection piratées WordPress sont assez courantes lorsque le malware redirige les visiteurs d’un...
WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a...
Finding out that your Hostgator site is hacked is a nightmare! You need to act fast to remove the malware or you risk permanent suspension on the platform.All web hosting providers including Hostgator run regular scans of their websites to check for malware. If they...
On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute...
The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the...
On 27th February 2020, at 9:34PM (CET) we received an email notifying us that our plugin WP Security Audit Log was “temporarily withdrawn from the WordPress.org Plugin directory due to an exploit”.We submitted a fix on Friday, 28th February 2020, at 4:08PM. It only...
Share via: At any moment, your website might be under attack without you knowing it. Bots could be probing your pages, trying to find vulnerabilities to inject malware or gain access to user data. It's your job to secure your WordPress site so it isn't low-hanging...
On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which...
Many website owners have contacted us worried about Japanese SEO Spam or Japanese Keyword Hack. This Blog Includes show What is a Japanese Keyword Hack?In a Japanese keyword hack, auto generated Japanese text starts to appear on your site. This particular Blackhat SEO...
On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including...
New WordPress plugin and theme vulnerabilities were disclosed during the first half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins...
One of the greatest things about WordPress is the open source community behind it. Thanks to the multitude of plugins and themes available, even the most basic of users can create and deploy a WordPress site with ease.Through this beautiful ecosystem that empowers...
WordPress CoreNo notable WordPress core security releases.Plugin/Theme Vulnerabilities of NoteDuplicator PluginThe Duplicator and Duplicator-Pro plugins both contained a vulnerability that allowed attackers to make a single request to a website, and be able to...
This entry was posted in Vulnerabilities, WordPress Security on March 6, 2020 by Ram Gall 2 RepliesThe Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Custom Searchable Data Entry System...
As hacks and security breaches become more of a concern for anyone running a WordPress website, it’s important to know you can drastically improve your security by using a few WordPress security best practices. If you don’t already have a WordPress security strategy...
WPForms Plugin version 1.5.8.2 and below were found to be vulnerable to authenticated stored XSS while I was auditing the plugin. WPForms version 1.5.9 with improved data sanitization was released on March 5, 2020. This Blog Includes show SummaryWPForms is a popular...