Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications. As the world’s foremost WordPress security provider, Wordfence has an expertly curated database of nearly three and a half million unique malicious … Read more
On October 17, 2022, the Wordfence Threat Intelligence team began monitoring for activity targeting CVE-2022-42889, or “Text4Shell” on our network of 4 million websites. We started seeing activity targeting this vulnerability on October 18, 2022. Text4Shell is a vulnerability in the Apache Commons Text library versions 1.5 through 1.9 that can be used to achieve … Read more
Through all the trends, evolutions, and reinventions of the internet and ecommerce, it’s easy to lose sight of what made the online world such a powerful business tool: access, connection, and reach. If you have an ecommerce site, every online shopper on the planet can walk into your store. Consider the size and impact of … Read more
The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the time of writing, we have observed 1,658,281 exploit attempts across our network of 4 million protected websites. … Read more
The WordPress 6.0.3 Security Update contains patches for a large number of vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. As with every WordPress core release containing security fixes, the Wordfence Threat Intelligence team analyzed the code changes in detail … Read more
