Swift Insights
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical...
Millions of Attacks Target Tatsu Builder Plugin
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The...
Have you been maintaining your websites AODA compliance?
Was your website created to be AODA compliant? Is it still compliant? Did you know that any time you make a content update to the website – that is add text, a picture, a video, etc. – there are things you should be doing to maintain your AODA compliance? AODA is the...
PHP Object Injection Vulnerability in Booking Calendar Plugin
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations. We received a response the same day and sent...
Critical Remote Code Execution Vulnerability in Elementor
On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code. Elementor is one of the most popular WordPress plugins and...
5 Search Engine Optimization (seo) Tips
It's amazing how many sites we take on that don't have even the basics of Search Engine Optimization applied. If you're hoping for business from the googles, its worth having at least the basics applied to help people find your website. Here's 5 SEO tips.Identify a...
Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin
Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk
On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. These were both reflected Cross-Site scripting...
Increase In Malware Sightings on GoDaddy Managed Hosting
Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host...
Misleading Domain Name Registry Mail
Misleading Domain Name Mail Tip/Warning Just a tip/reminder that if you get official-looking physical mail from a company called "Domain Registry", "Domain Registry of Canada", or something along those lines stating, that your domain name is about to expire, you can...