Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on...
Website Maintenance Tips
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains...
We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs
48 hours ago we deployed our commercial real-time threat intelligence automatically, and for free, to all Ukrainian websites with the .UA top-level...
Ukraine Universities Hacked By Brazilian Via Finland As Russian Invasion Started
The Wordfence team has identified a massive attack on Ukrainian universities that coincided with the invasion of Ukraine by Russia, and resulted in...
Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in...
Entering a Higher State of Vigilance – Ukraine Under Attack
It appears that Russia has just commenced the invasion of Ukraine. Check your preferred international news outlet, but according to the Ukrainian...
Reflected XSS in Header Footer Code Manager
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header...
Friday Fun: From Idea to Animated Film
It’s Friday, and I thought we’d have fun talking about something a little different. At Wordfence, one of my priorities is fostering a strong...
Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups
Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need...
Reflected Cross-Site Scripting Vulnerability Patched in WordPress Profile Builder Plugin
On January 4, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile...