Maintenance
Top 9 WordPress Vulnerability Scanners Tested and Reviewed
Vulnerabilities are not just a risk; they are the root cause for an overwhelming 95% of all WordPress hacks. Swiftly updating problematic plugins and themes isn’t a suggestion; it’s a necessity, making the difference between security and malware. Vulnerability scanners are a huge help in that respect. But of course, there are so many that […]
Read More
WPScan Intro: How to Scan for WordPress Vulnerabilities
In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding of your WordPress website and any vulnerabilities that may be present in your environment. It also happens to be pre-installed in Kali Linux. If you haven’t set it up yet, […]
Read More
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using plugin shortcodes, which will execute whenever a victim accesses […]
Read More
Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register as a researcher and submit your vulnerabilities today! On November 8th, 2023, Wordfence launched a […]
Read More
Clarifying the Elementor Arbitary File Upload Vulnerability
Recently, a security vulnerability in Elementor, a popular WordPress plugin, made headlines. Two databases rated its severity at a staggering 9.9 and 8.8. This raised immediate concerns, leading to a straightforward action plan: “Stop everything and update Elementor first.” But is it really that simple? Let’s delve into the key questions: Are millions of Elementor […]
Read More
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing the changelog containing a partial patch. We immediately released a firewall rule to Wordfence Premium, […]
Read More
Vulnerability Researchers: Check out The Critical Thinking Podcast
Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described as a “by Hackers for Hackers podcast focused on technical content ranging from bug bounty […]
Read More
40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager, all they need is a Google account (and we all know how easy it is […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were 124 vulnerabilities disclosed in 123 WordPress Plugins and 2 WordPress themes that […]
Read More