Securing Port 443: The Gateway To A New Universe

WordFence –  WordFence –  At Wordfence our business is to secure over 4 million WordPress websites and keep them secure. My background is in network operations, and then I transitioned…

PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin

WordFence –  WordFence –  On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations.…

Top Five Attacking IPs This Month: Their Locations May Not Be Where You Think

WordFence –  WordFence –  At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking…

Cross-Site Scripting Vulnerability In Download Manager Plugin

WordFence –  WordFence –  On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin…

The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner

WordFence –  WordFence –  One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to…

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

WordFence –  WordFence –  On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes…

Millions of Attacks Target Tatsu Builder Plugin

WordFence –  WordFence –  The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and…

PHP Object Injection Vulnerability in Booking Calendar Plugin

WordFence –  WordFence –  On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress,…

Critical Remote Code Execution Vulnerability in Elementor

WordFence –  WordFence –  On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user…

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

WordFence –  WordFence –  On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that…