Top Five Attacking IPs This Month: Their Locations May Not Be Where You Think

WordFence –  WordFence –  At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking…

Cross-Site Scripting Vulnerability In Download Manager Plugin

WordFence –  WordFence –  On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin…

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

WordFence –  WordFence –  On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes…

PHP Object Injection Vulnerability in Booking Calendar Plugin

WordFence –  WordFence –  On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress,…

Critical Remote Code Execution Vulnerability in Elementor

WordFence –  WordFence –  On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user…

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

WordFence –  WordFence –  On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that…

Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

WordFence –  WordFence –  On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with…

Ukraine Universities Hacked By Brazilian Via Finland As Russian Invasion Started

WordFence –  WordFence –  The Wordfence team has identified a massive attack on Ukrainian universities that coincided with the invasion of Ukraine by Russia, and resulted in at least 30…

Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin

WordFence –  WordFence –  On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin…

Reflected XSS in Header Footer Code Manager

WordFence –  WordFence –  On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with…