Your WordPress News Dashboard

Episode 90: WPBakery Plugin Vulnerability Exposes Over 4 Million Sites - Wordfence Blog

A vulnerability discovered by the Wordfence Threat Intelligence team in the WPBakery plugin exposes over 4 million sites. High severity vulnerabilities were discovered in the Post Grid and Team Showcase plugins. The online avatar service Gravatar, has been exposed to… Continue Reading →

Episode 89: Shopify Rogue Employees, Medium and Twitter Vulnerabilities, and Hackers Hiding Out in Corporate Networks - Wordfence Blog

Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored hacking… Continue Reading →

Episode 88: XCloner Vulnerabilities, LokiBot Malware, & a 14 Year Old Nets a $25K Bug Bounty - Wordfence Blog

Our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. These vulnerabilities could have allowed an attacker to modify arbitrary files, including PHP files. The US government Cybersecurity and… Continue Reading →

Episode 87: Vulnerabilities Affect Discount Rules for WooCommerce Plugin, ModSecurity & Windows - Wordfence Blog

Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin installed on over 40,000 WordPress sites. Developers from OWASP Core Rule Set said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that… Continue Reading →

Episode 86: War of the Hackers - Wordfence Blog

Millions of attacks have been targeting the recent File Manager plugin zero-day vulnerability discovered last week. Two attackers are vying for control over sites compromised through the vulnerability. A security researcher has revealed that specially crafted Windows 10 themes can… Continue Reading →

Episode 85: 0Day in File Manager Plugin and WordPress 5.5.1 Fixes Broken Sites - Wordfence Blog

Over 700,000 WordPress users were affected by a zero-day vulnerability in the File Manager plugin, and the WordPress 5.5.1 release fixed millions of sites affected by deprecation of jQuery Migrate. SendGrid is under siege from spammers using hacked accounts, and… Continue Reading →

Episode 84: Google Chrome Plans to Implement Insecure Form Warnings - Wordfence Blog

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, which has been fixed in Chrome version 85. Google also announced that Chrome 86 will alert users if a form submission is using… Continue Reading →

Episode 83: 100,000 Sites Impacted by Vulnerabilities in Advanced Access Manager - Wordfence Blog

The Wordfence Threat Intelligence team discovered vulnerabilities in the Advanced Access Manager plugin installed on over 100,000 WordPress sites. A high severity authorization bypass could lead to privilege escalation and site takeover. Critical vulnerabilities found in the Quiz and Survey… Continue Reading →

Episode 82: Important Changes in the WordPress 5.5 Update - Wordfence Blog

WordPress 5.5 was released on August 11 with a number of important updates, including a new feature allowing auto-updates of themes and plugins as well as changes to the block editor. The popular Astra theme was suspended from the repository… Continue Reading →

Episode 81: Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder - Wordfence Blog

Our Threat Intelligence team disclosed numerous vulnerabilities this week, including a critical vulnerability in the Divi and Extra themes as well as the Divi Builder plugin. In total, this vulnerability affected over 700,000 sites. A vulnerability found in The Official… Continue Reading →

Episode 80: Critical File Upload Vulnerability in wpDiscuz Plugin - Wordfence Blog

In this week’s news, our Threat Intelligence team discovered a vulnerability in the wpDiscuz plugin, affecting over 80,000 WordPress sites. A blind SQL injection attack affected analytics service Waydev, exposing OAuth tokens for GitHub repositories for software companies, leading to… Continue Reading →

© 2020 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine

Up ↑