News
PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited
Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files to vulnerable sites. This allows unauthenticated attackers to upload PHP files […]
WordPress 6.3.2 Security Release – What You Need to Know
WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While all of the vulnerabilities are of Medium severity, several of them are impactful enough to potentially allow site takeover, and thus the 6.3.2 update has the most significant security fixes […]
What is HSTS: HTTP Strict Transport Security
HSTS or HTTP Strict Transport Security is a protocol that can make it more difficult for attackers to modify or intercept traffic between a user and your website. Understanding what HSTS is and how it functions is crucial for anyone keen on protecting their site, as proper implementation can help to ensure that your website’s […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)
Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
WordPress Phishing Hack: Fix and Protect Your Site
You are here because your website has either been marked as a phishing site, sending out phishing emails to your visitors, or has a bunch of phishing pages on it—that you haven’t added. But, why is any of this happening? Yours is not a phishing website! If you are experiencing these symptoms, the chances are […]
How to find the WordPress login URL
Logging in with your WP login URL is the only way to access your site’s admin panel or WordPress dashboard. The dashboard is where you can customize your pages, or install plugins and update the theme. But, if you’re new to WordPress, you will need to learn how to log in. It’s also possible that […]
Password Security & Password Managers
In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a lax approach to their sensitive credentials. Weak passwords make it easier for bad actors to […]
Backdoor Masquerading as Legitimate Plugin
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other complications that may arise as a result […]
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin for the popular tagDiv premium themes Newspaper and Newsmag). Shortly after that, we started noticing new waves of Balada malware injections on websites that were actively using tagDiv themes. This […]