On January 4, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a[…]
UpdraftPlus, a plugin that allows users to backup to various cloud providers, has patched a severe security vulnerability that would allow logged-in users to download a site’s latest backups. The[…]
We uncovered a backup download vulnerability in UpdraftPlus plugin that could grant attackers access to privileged information.
The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times, also hackers. Today’s investigation starts[…]
On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This[…]
We discovered a backdoor in themes and plugins by AccessPress Themes. If you have any of these themes or plugins on your site, we recommend updating or migrating to a[…]
On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over[…]
On January 6th, Automattic released an important security update for the WordPress core which addresses four separate vulnerabilities. WordPress website administrators are advised to update their websites immediately.
This WordPress core 5.8.3 security update addresses 4 different security vulnerabilities which affect WordPress versions 3.7-5.8.
It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card theft are most rampant. Administrators[…]
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites.[…]
GoDaddy, one of the biggest web hosts, discovered a data breach on November 17th, 2021. The WordPress community has been discussing the Godaddy data breach
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence[…]