On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin … Read more
Today I’m incredibly excited to announce that we are launching two new products: Wordfence Care and Wordfence Response. Let’s start with a fun animation that explains our new product suite! In the post below, I’ll describe in detail the two incredible new products we are launching and why they are essential for business owners and … Read more
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Preview E-mails for WooCommerce”, a WordPress plugin that is an extension for WooCommerce, … Read more
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an active attack targeting over a million WordPress sites. Over the past 36 hours, the Wordfence network … Read more
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “RegistrationMagic – Custom Registration Forms, User Registration and User Login”, a WordPress plugin … Read more
