On July 30, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in Booster for WooCommerce, a WordPress plugin installed on over[…]
In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware. In the example we discuss below, the attacker’s goal is to make everything[…]
On July 29, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites.[…]
While investigating a security advisory about an arbitrary role change/privilege escalation issue in the HM Multiple Roles WordPress plugin, the Jetpack Scan team discovered that the fix was incomplete and[…]
We just patched a severe vulnerability in the WooCommerce Currency Switcher plugin. If you are using an older version of this plugin, we encourage you to update immediately.
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we[…]
Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious[…]
The Jetpack Security team found a number of severe vulnerabilities with the Workreap theme for WordPress. Learn more about the details and how to protect your site.
The Wordfence site cleaning team helps numerous customers recover from malware infections and site intrusions. While doing so, Wordfence Security Analysts perform a detailed forensic investigation in order to determine[…]
On May 27, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities that were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed[…]
Attacker could socially engineer site owners into granting them access to form settings or adding malicious scripts to forms.
Attackers are abusing compromised accounts to install a fake WordPress plugin called: WordPress Plugin and user backup Tool.
On May 21, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in WooCommerce Stock Manager, a WordPress plugin installed on over[…]
Attackers are using stolen credentials to install malicious plugins that redirect site visitors to malvertising domains.
Enter your account data and we will send you a link to reset your password.
To use social login you have to agree with the storage and handling of your data by this website. %privacy_policy%
AcceptHere you'll find all collections you've created before.
