Your WordPress News Dashboard

High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites - Wordfence Blog

A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 sites. The plugin is from the same creators as wpCentral,… Continue Reading →

WordPress Vulnerability Roundup: May 2020, Part 2 - iThemes

New WordPress plugin and theme vulnerabilities were disclosed during the second half of May, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are… Continue Reading →

The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites - Wordfence Blog

On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons… Continue Reading →

iThemes Security Pro Roadmap: 3 Big Plans for 2020 - iThemes

We have been hard at work with our heads down lately and felt that we needed to change that. From time to time, we’re going to spend some time putting a post together that talks about each of our products… Continue Reading →

Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access - Wordfence Blog

On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for… Continue Reading →

WordPress Vulnerability Roundup: May 2020, Part 1 - iThemes

New WordPress plugin and theme vulnerabilities were disclosed during the first half of May, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are… Continue Reading →

One Attacker Outpaces All Others - Wordfence Blog

Starting April 28th, we saw a 30 times increase in cross site scripting attack volume, originating from a single attacker, and targeting over a million WordPress sites. We published research detailing the threat actor and attack volume increase on May… Continue Reading →

WordPress Security Updates: March 2020 Copy - Pagely Blog

These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]

WordPress Security Updates: April 2020 - Pagely Blog

These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]

Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites - Wordfence Blog

On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of… Continue Reading →

World Password Day 2020: Let’s Increase Your Password Security - iThemes

Today is World Password Day and we wanted to share some resources you can use to review your password security. World Password Day reminds us of the importance of having a solid password strategy for all your online accounts. These… Continue Reading →

Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk - Wordfence Blog

On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As… Continue Reading →

28,000 GoDaddy Hosting Accounts Compromised - Wordfence Blog

This is a public service announcement (PSA) from the Wordfence team regarding a security issue which may impact some of our customers. On May 4, 2020, GoDaddy, one of the world’s largest website hosting providers, disclosed that the SSH credentials… Continue Reading →

Nearly a Million WP Sites Targeted in Large-Scale Attacks - Wordfence Blog

Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our… Continue Reading →

Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update - Wordfence Blog

WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities… Continue Reading →

High Severity Vulnerability Patched in Ninja Forms - Wordfence Blog

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact… Continue Reading →

WordPress Vulnerability Roundup: April 2020, Part 2 - iThemes

New WordPress plugin and theme vulnerabilities were disclosed during the second half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are… Continue Reading →

Pagely Security Updates - Pagely Blog

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […]

High-Severity Vulnerabilities Patched in LearnPress - Wordfence Blog

On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar… Continue Reading →

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin - Wordfence Blog

On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious JavaScript anywhere on a site if they… Continue Reading →

Critical Vulnerabilities Patched in MapPress Maps Plugin - Wordfence Blog

On April 1, 2020, the Wordfence Threat Intelligence Team discovered two vulnerabilities in MapPress Maps for WordPress, a WordPress plugin with over 80,000 installations. One vulnerability that allowed stored Cross-Site Scripting (XSS) was present in both the free and pro… Continue Reading →

Unpatched High-Severity Vulnerability in Widget Settings Importer/Exporter Plugin - Wordfence Blog

On March 12, 2020, our Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Widget Settings Importer/Exporter, a WordPress plugin with over 40,000 installations. This flaw allowed an authenticated attacker with minimal, subscriber-level permissions to import and activate… Continue Reading →

WordPress Vulnerability Roundup: April 2020, Part 1 - iThemes

New WordPress plugin and theme vulnerabilities were disclosed during the first half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are… Continue Reading →

Top 5 WordPress Security Threats - WP Dev Shed

WordPress is the world’s most popular content management system (CMS). Today, WordPress powers over 35% of all websites online. With such a great number of website installations, WordPress is the most targeted CMS by hackers. Article Quick Links: WordPress Spam, Backdoors, WP-VCD… Continue Reading →

Vulnerability Patched in Accordion Plugin - Wordfence Blog

A few weeks ago, our Threat Intelligence team discovered a vulnerability in Accordion, a WordPress plugin installed on over 30,000 sites. This flaw allowed any authenticated user with subscriber-level and above permissions the ability to import a new accordion and… Continue Reading →

Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin - Wordfence Blog

On March 3, 2020, our Threat Intelligence team discovered a number of vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These… Continue Reading →

WordPress Security Updates: March 2020 - Pagely Blog

These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]

High Severity Vulnerability Leads to Closure of Plugin with Over 100,000 Installations - Wordfence Blog

On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites. As the plugin developer’s GitHub page indicated that the plugin… Continue Reading →

The Dangers of Unlicensed WordPress Plugins and Themes - Pagely Blog

One of the greatest things about WordPress is the open source community behind it. Thanks to the multitude of plugins and themes available, even the most basic of users can […]

Pagely Security Updates: Jan 2020 Copy - Pagely Blog

WordPress Security and Maintenance Releases: 5.2.4, 5.3.1, and 5.3.2 Pagely customers were spared issues from bugs introduced in the 5.3.0 release as, due to the proximity to the holidays, we […]


© 2020 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine
