Nearly a Million WP Sites Targeted in Large-Scale Attacks

Our Wordfence colleagues have been monitoring a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat actor,…

High Severity Vulnerability Patched in Ninja Forms

On April 27, 2020, our Wordfence colleagues discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version. We reached…

The WordPress 5.4.1 Security Release & More Plugin Vulnerabilities

Our Wordfence colleagues unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected over one million WordPress sites. As a few of these were Cross-Site Request Forgery vulnerabilities,…

The website CCPA compliance guide for WordPress administrators

After the introduction of GDPR back in 2018, there’s now another law that’s set to further affect WordPress webmasters in their bid to remain compliant with local data privacy regulations. Its name? The California Consumer Protection Act (or CCPA for short). This new piece of legislation is designed to provide Californians with enhanced protection with regard to…

Unpacking The 7 Vulnerabilities Fixed in Today’s WordPress 5.4.1 Security Update

WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that appear to require specific circumstances to exploit. All in all this release contains 7…

High-Severity Vulnerabilities Patched in LearnPress

On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing…

High Severity Vulnerability Patched in Real-Time Find and Replace Plugin

On April 22, 2020, our Wordfence colleagues discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a…

Staying Safe When Hackers Use Sophisticated Attacks

Stories this week about targeted attacks using 0days in iPhone and iPad devices and a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore what we all know: malicious attacks are becoming increasingly sophisticated. We give you some ideas on how to stay safe. We also cover a recent plugin…

Critical Vulnerabilities Patched in MapPress Maps Plugin

On April 1, 2020, our Wordfence colleagues discovered two vulnerabilities in MapPress Maps for WordPress, a WordPress plugin with over 80,000 installations. One vulnerability that allowed stored Cross-Site Scripting (XSS) was present in both the free and pro versions of the plugin, while a far more critical vulnerability that allowed Remote Code Execution (RCE)…
