Ukrainian Website Threat Landscape Throughout 2022

The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign on Ukrainian university websites. In response, we deployed our real-time threat intelligence to all sites … Read more

The Month in WordPress – July 2022

July 2022 brought a lot of exciting announcements and proposals for the WordPress project, from an updated timeline for the WordPress 6.1 release, to design updates on WordPress.org. Read on to learn more about the latest news from the community. WordPress 6.1 development cycle is now published Mark your calendars! The WordPress 6.1 development cycle … Read more

Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin

On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability made it possible for attackers to modify some of the plugin’s more advanced settings via a forged request. … Read more

High Severity Vulnerability Patched in Download Manager Plugin

On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create … Read more

Generated by Feedzy