Swift Insights
1,000,000 Sites Affected by OptinMonster Vulnerabilities
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several...
Site Deletion Vulnerability in Hashthemes Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 25, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability in Hashthemes...
Vulnerability Patched in Sassy Social Share Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. In 2010, Steffan Esser gave a presentation in Las Vegas that rocked the PHP world. He had discovered a new kind of...
It’s Not You. It’s Them. On Hacking and Responsible Disclosure.
A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I’m a cybersecurity...
Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team initiated the Responsible Disclosure process for Brizy – Page...
Wordfence Helps Enable Education in Uganda
I want to share something very exciting and truly wonderful with you all today. Wordfence just completed a project where we partnered with Far Away Friends, a Denver-based non-profit working in partnership with local leaders in Uganda, to bring light and electricity...
High Severity Vulnerability Patched in Access Demo Importer Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 9, 2021, the Wordfence Threat Intelligence team attempted to initiate the responsible disclosure process for a...
PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons
Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHP_SELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar...
Are You Losing Sales to Abandoned Shopping Carts?
Are you certain that people are browsing your ecommerce website, but you're just not seeing the sales you'd expect? Statistics show that on average, about 72% of shopping carts are abandoned - that is shoppers add things to their shopping cart, but never check out....
Best Way to Add Video to your Website
A question that often comes up from clients who are managing their own sites is "What is the best way to add video to my website?" While adding video to Wordpress is quite straightforward, and Divi makes it very easy to do, our general recommendation is to embed it...