• Home
  • /Archive by category ' Hacks & Vulnerabilities '
  • /Page 3

Archive For: Hacks & Vulnerabilities

Security Tips for Modern Web Administrators

Keeping your website secure is crucial to protecting user data and maintaining trust. Think of your website as a digital vault that needs constant safeguarding against potential threats. By understanding and implementing key security practices, you can significantly reduce the risk of attacks and ensure a safe experience for your users. Let’s break down some... Read More
 

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 22, 2024 to July 28, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.  Last week, there were... Read More
 

Over 8,000 Exploit Attempts Already Blocked For Recently Patched Unauthenticated Arbitrary File Upload Vulnerability in 简数采集器 (Keydatas) WordPress Plugin

On June 18th, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Unauthenticated Arbitrary File Upload vulnerability in 简数采集器 (Keydatas), a WordPress plugin with more than 5,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to upload arbitrary files to a vulnerable site... Read More
 

Empowering WordPress Bug Bounty Hunters: Meet the New Wordfence Bug Bounty Program Researcher Dashboard

Today, we are very excited to announce the launch of our brand-new researcher dashboard for the Wordfence Bug Bounty Program! One frequent request we received from our researchers was to have a way to manage and track all their vulnerability submissions in a single location, and we’re delivering just that (and more) today. Now, once... Read More
 

WordPress Vulnerability & Patch Roundup July 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this... Read More
 

The Aftermath of the WordPress.org Supply Chain Attack: New Malware and Techniques Emerge

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin. After adding the malicious code to our Threat Intelligence Database and examining it, we discovered additional affected plugins and continued monitoring the situation throughout the week. More plugins were affected prior... Read More
 

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.  Last week, there were... Read More
 

How to Enable HTTP/2 On a Server

HTTP/2 is a game-changer in web protocol technology, offering significant improvements in speed, efficiency, and security over its predecessor, HTTP/1.1. With features like multiplexing, header compression, and server push, HTTP/2 can drastically reduce web page load times and enhance the overall user experience. Additionally, HTTP/2 is enabled by default for Sucuri’s Web Application Firewall (WAF),... Read More
 

10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin

On July 2nd, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Arbitrary File Read to Arbitrary File Creation vulnerability in BookingPress, a WordPress plugin with over 10,000 active installations. This vulnerability makes it possible for authenticated threat actors to create arbitrary files populated with content... Read More
 

Attackers Abuse Swap File to Steal Credit Cards

When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers. Such was the case in a recent incident we investigated, where bad actors exploited the humble swap file to maintain a persistent credit card skimmer on a Magento e-commerce site. This clever tactic allowed the... Read More
 
Tap To Call