On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin … Read more
Today I’m incredibly excited to announce that we are launching two new products: Wordfence Care and Wordfence Response. Let’s start with a fun animation that explains our new product suite! In the post below, I’ll describe in detail the two incredible new products we are launching and why they are essential for business owners and … Read more
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Preview E-mails for WooCommerce”, a WordPress plugin that is an extension for WooCommerce, … Read more
Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include: tsoHost Media Temple 123Reg Domain Factory Heart Internet Host Europe According to Dan Rice, VP of Corporate Communications at GoDaddy, “The GoDaddy brands … Read more
There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this … Read more
