Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely … Read more
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full disclosure that day. We released a firewall rule protecting against these … Read more
The Wordfence Threat Intelligence team has been tracking exploits targeting a Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000 installations according to the vendor. The vulnerability, reported by security researcher Dave Jong and publicly disclosed on November 22, 2022, impacts plugin versions up to and including … Read more
In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a perfect world, and vulnerabilities can be introduced unintentionally, or even found due to previously unknown weaknesses within the programming language. … Read more
The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business through Telegram channels, compromised services and accounts are effectively a commodity, and access to them has become fundamental to the operation of … Read more
