Your WordPress News Dashboard

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes - Wordfence Blog

On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical privilege…

Millions of Attacks Target Tatsu Builder Plugin - Wordfence Blog

The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue…

Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce - Wordfence Blog

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil…

Episode 123: Over 30 Million Dell Devices at Risk for Remote BIOS Attacks - Wordfence Blog

Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far-reaching effects for enterprise organizations heavily invested in Dell devices. VMware Carbon Black App Control has been updated…

Episode 122: Largest Password Dump in History Fuels Credential Stuffing Extravaganza - Wordfence Blog

Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever, with 8.4 billion passwords, is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a vulnerability at tsoHost. Data…

Episode 121: Wordfence is Now a CVE Numbering Authority (CNA) - Wordfence Blog

Wordfence is now a CVE Numbering Authority, or CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress plugins and WordPress themes. An outage at Fastly takes down major websites including Reddit,…

Episode 119: Critical VMware Vulnerability Threatens Data Centers - Wordfence Blog

A critical vulnerability in VMware's vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screenshots of infected computers. Codecov claims another victim as Japanese e-Commerce unicorn…

Episode 118: Four Android Vulnerabilities Under Active Attack - Wordfence Blog

Four memory corruption vulnerabilities are being actively exploited on Android devices, and nearly two dozen popular Android apps exposed over 100 million users' sensitive information in cloud databases. Over 600,000 sites using WP Statistics required a patch to fix a…

Episode 116: Packagist Patch Shows How Supply Chain Threats Could Impact WordPress - Wordfence Blog

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it's not aware of any…

Episode 115: Update Your Mac: Gatekeeper Bypass Vulnerability Exploited in the Wild - Wordfence Blog

Apple patches a Gatekeeper bypass vulnerability that has been exploited in the wild on macOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some DigitalOcean customers…

Episode 113: An Unprecedented FBI Operation Removes Webshells from Infected Exchange Servers - Wordfence Blog

An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add-on plugins were found to have vulnerabilities similar to those found in the main Elementor…

Episode 112: Wix Takes Aim at WordPress With New Ad Campaign - Wordfence Blog

A new Wix ad campaign targets WordPress but ends up being tone-deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the…

Episode 110: Active Exploitation Continues on Unpatched Thrive Themes - Wordfence Blog

Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use…

Episode 108: Hack Exposes 150,000 Security Cameras at Tesla, Cloudflare and Others - Wordfence Blog

A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites,…

Episode 107: Two Plugin Vulnerabilities Target File Upload Capabilities - Wordfence Blog

The Wordfence Threat Intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new…

Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE - Wordfence Blog

WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMware fixes a critical remote code…

Episode 104: Cryptography Demystified - Wordfence Blog

This week, the Wordfence team discusses cryptography in depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including two new findings by the Wordfence Threat Intelligence team, a new milestone for…

Episode 101: Supporting Remote Students with Free Site Audits & Cleanings - Wordfence Blog

Wordfence announces a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we're offering this program and how to help schools take advantage of it. We also talk about…

Episode 98: How Application Passwords Work in WordPress 5.6 - Wordfence Blog

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by…

Episode 96: Hosting Provider Failures and Incident Response Preparedness - Wordfence Blog

Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations site…

Episode 94: Hosting Provider Exposed 63 Million Customer Records - Wordfence Blog

A hosting provider exposed over 63 million customer records via an open Elasticsearch database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and…

Episode 92: WordPress Forced Security Autoupdate Protects Sites from Loginizer Vulnerability - Wordfence Blog

An easily exploitable SQL injection vulnerability was discovered in the Loginizer plugin, installed on over one million WordPress sites, causing the WordPress team to force an update to sites using the vulnerable version. The Justice Department is filing an antitrust suit…

© 2022 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine