Unauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin

WordFence –  WordFence –  On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP…

84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability

WordFence –  WordFence –  On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that…

WordPress 5.8.3 Security Release

WordFence –  WordFence –  On January 6, 2022, the WordPress core team released WordPress version 5.8.3, which contains security patches for 4 high-severity vulnerabilities. These patches were backported to every…

1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

WordFence –  WordFence –  Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary…

Credit Card Swipers Injected into WordPress Plugins

As the holiday season is approaching, more and more people to rush to finish their Christmas shopping without being aware of the fact that cybercriminals don’t take time off for…

Authentication Bypass Vulnerability Patched in User Registration Plugin

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021…

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021…

AWS Attacks Targeting WordPress Increase 5X

WordFence –  WordFence –  The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the…

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

WordFence –  WordFence –  Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress…

GoDaddy Breached – Plaintext Passwords Used – 1.2M Affected

WordFence –  WordFence –  This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to…