WordFence – WordFence – On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations.…
Category: WordPress Security
Cross-Site Scripting Vulnerability In Download Manager Plugin
WordFence – WordFence – On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin…
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
WordFence – WordFence – One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to…
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
WordFence – WordFence – On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes…
Millions of Attacks Target Tatsu Builder Plugin
WordFence – WordFence – The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and…
PHP Object Injection Vulnerability in Booking Calendar Plugin
WordFence – WordFence – On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress,…
Critical Remote Code Execution Vulnerability in Elementor
WordFence – WordFence – On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user…
Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin
WordFence – WordFence – On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that…
Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk
WordFence – WordFence – On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with…
Increase In Malware Sightings on GoDaddy Managed Hosting
WordFence – WordFence – Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service,…