At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking...
Website Maintenance Tips
Cross-Site Scripting Vulnerability In Download Manager Plugin
On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in...
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to...
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter...
Millions of Attacks Target Tatsu Builder Plugin
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which...
Have you been maintaining your websites AODA compliance?
Was your website created to be AODA compliant? Is it still compliant? Did you know that any time you make a content update to the website – that is...
PHP Object Injection Vulnerability in Booking Calendar Plugin
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the...
Critical Remote Code Execution Vulnerability in Elementor
On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that...
Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin
Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk
On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam,...