PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin

WordFence –  WordFence –  On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations.…

Cross-Site Scripting Vulnerability In Download Manager Plugin

WordFence –  WordFence –  On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin…

The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner

WordFence –  WordFence –  One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to…

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

WordFence –  WordFence –  On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes…

Millions of Attacks Target Tatsu Builder Plugin

WordFence –  WordFence –  The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and…

PHP Object Injection Vulnerability in Booking Calendar Plugin

WordFence –  WordFence –  On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress,…

Critical Remote Code Execution Vulnerability in Elementor

WordFence –  WordFence –  On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user…

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

WordFence –  WordFence –  On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that…

Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

WordFence –  WordFence –  On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with…

Increase In Malware Sightings on GoDaddy Managed Hosting

WordFence –  WordFence –  Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service,…