23-03-2023 Update NOW: Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover
The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed. Today, March 23, 2023, we noticed that the “WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo” plugin updated to version 5.6.2 with a changelog entry...

14-03-2023 Vulnerability in Cozmolabs Profile Builder Plugin
On Tuesday, February 7th, 2023, prominent WordPress vulnerability researcher István Márton, also known as Lana Codes, reached out to the Wordfence Threat Intelligence team to responsibly disclose an information disclosure vulnerability in Cozmolabs Profile Builder, a WordPress plugin designed to enhance the user profile and registrati...

02-03-2023 Last week there were 136 vulnerabilities disclosed in WordPress based software
Last week, there were 136 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database, and there were 33 Vulnerability Researchers that contributed to WordPress Security. The most common vulnerability disclosed was Cross-Site Request Forgery. [read more at Wor...

28-02-2023 WordPress sites of real estate agents actively attacked via vulnerability in Houzez theme
WordPress sites of real estate agents and property companies are the target of attacks that exploit two vulnerabilities in the Houzez theme. Houzez offers a theme aimed specifically at real estate, such as the rental or sale of homes. According to the developers, more than 35,000 customers use the theme. [Read more at Sec...

27-02-2023 All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched
On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine optimization tools designed to help content creators optimize their sites and reach more users. [read more at WordFence]

14-02-2023 Massive AdSense Fraud Campaign Uncovered
The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infect over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," S...

06-02-2023 High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The vulnerability, an unauthenticated stored cross-site s...

26-01-2023 WordPress sites infected with malicious plugins via reused passwords
A "wave" of attacks is under way in which WordPress sites are infected with malicious plugins via reused passwords. That is the claim of Jetpack, part of Automattic, the company behind WordPress.com. Once attackers have gained access, they first install the "core-stab plug-in", followed by other plugins with which control ...

25-01-2023 Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages
A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track[.]violetlovelines[.]com" that's designed to redirect visi...

10-01-2023 Eleven Vulnerabilities in Royal Elementor Addons
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full disclosure that day. [read more at Wordfence]