News
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing […]
Read More
What is a Keylogger?
Welcome to the world of keyloggers, where every keystroke you make may be watched, recorded, and potentially used against you! Now that we’ve got your attention, let’s dive into the somewhat unsettling realm of these sneaky little digital spies. In this blog post, we’ll uncover the mysteries behind keyloggers — what they are, how they […]
Read More
11 Best WordPress Anti Spam Plugins to Combat Spam
Dealing with spam can be like receiving an endless stream of unsolicited flyers and brochures in your mailbox every single day. No matter how often you discard them, more pop-up in your mailbox. Unfortunately, letting spam build up is simply not an option. The most efficient solution lies in finding a plugin that can automatically […]
Read More
W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with […]
Read More
How to fix website defacement?
Website defacement is a neon sign flashing “I’ve been hacked!” to every visitor to your site. It’s a highly visible and alarming breach of security that can leave you feeling embarrassed, frustrated, and vulnerable. However, there are steps you can take to prevent your site from getting hacked and protect your online presence. This article will […]
Read More
Vulnerability in Essential Addons for Elementor Leads to Mass Infection
On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post. Over one million websites use this plugin and the fallout from this has been absolutely […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)
Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More
PSA: Attackers Actively Exploiting Critical Vulnerability in Essential Addons for Elementor
On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. This vulnerability was discovered and responsibly disclosed by security researcher Rafie Muhammed. […]
Read More
WordPress 6.2.1 Security & Maintenance Release
On May 16, 2023, the WordPress core team released a crucial update — WordPress 6.2.1. This latest security and maintenance release addresses a number of bug fixes and vulnerability patches, including an unauthenticated Directory Traversal vulnerability, unauthenticated Cross-Site Scripting vulnerability, and several other lower-severity vulnerabilities. To mitigate risk, we highly recommend verifying that your WordPress […]
Read More