Your WordPress News Dashboard

Large Scale Attack Campaign Targets Database Credentials - Wordfence Blog

Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020…. Continue Reading →

High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites - Wordfence Blog

A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 sites. The plugin is from the same creators as wpCentral,… Continue Reading →

The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites - Wordfence Blog

On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons… Continue Reading →

Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access - Wordfence Blog

On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for… Continue Reading →

High Severity Vulnerability Patched in Ninja Forms - Wordfence Blog

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact… Continue Reading →

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin - Wordfence Blog

On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious Javascript anywhere on a site if they… Continue Reading →

© 2020 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine

Up ↑