We’ve seen forced updates become increasingly common and less controversial over time. But who decides, and how is that decision made? Are there unofficial channels and processes, like a decision[…]
Late last week, Ninja Forms users received a forced security update from WordPress.org for a critical PHP Object Injection vulnerability. This particular vulnerability can be exploited remotely wit…
On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security[…]
Ahacked WordPress site isn’t a subject most WordPress site owners want to think about. But they are a real issue, impacting over 30,000 websites every single day.
On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin installed on over 100,000[…]
WordPress security veterans Rob Cairns and Robert Rowley have a great conversation on building sites for WooCommerce while keeping them secure.
![Massive Wave Of Compromised WordPress Sites - ONGOING [News]](https://i0.wp.com/www.wpnews.io/wp-content/uploads/2022/05/malware-wordpress-hacking.jpg?resize=364%2C205&ssl=1 "Massive Wave Of Compromised WordPress Sites - ONGOING [News]")
Check out this breaking news where thousands of WordPress sites were hacked and redirected to scam sites. Find out how it happened and what can be done.
Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with[…]
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000[…]
Elementor has patched a critical Remote Code Execution vulnerability that was discovered by threat analyst Ramuel Gall from Wordfence on March 29, 2022. Wordfence disclosed the vulnerability to Ele…
On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed on over[…]
Advanced Custom Fields (ACF) recently patched a missing authorization vulnerability in version 5.12.1 that potentially affects more than a million users. The security issue was discovered by Keitar…
Update – after this article was published, Denis Shagimuratov of CleanTalk reached out to us on Twitter. It appears that they didn’t receive our disclosure because our contact at the[…]
A Patchstack security advocate digs into the data behind the statistics in their latest report, and explains how the organization helps plugin developers secure their software.
Enter your account data and we will send you a link to reset your password.
To use social login you have to agree with the storage and handling of your data by this website. %privacy_policy%
AcceptHere you'll find all collections you've created before.
