Tag: wordfence

  • Wordfence and WPScan Publish Mid-Year WordPress Security Report

    WPScan is on track to post a record-breaking year for WordPress plugin vulnerabilities submitted to its database, according to a collaborative mid-year security report the company published with Wordfence. In the first half of 2021, WPScan has recorded 602 new vulnerabilities, quickly surpassing the 514 reported during all of 2020. The report is based on…

  • Wordfence Now Authorized as a CVE Numbering Authority

    Wordfence has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA (CVE Numbering Authority), which allows the company to directly assign CVE numbers for new vulnerabilities in WordPress core, plugins, and themes. The authority is granted by Mitre Corporation, a federally-funded US non-profit that manages research and development centers. Wordfence anticipates…

  • WordPress REST API Vulnerability Exploits Continue

    It has been nearly two weeks since the WordPress security team disclosed an unauthenticated privilege escalation vulnerability in a REST API endpoint in 4.7 and 4.7.1. The vulnerability was patched silently and disclosure was delayed for a week to give WordPress site owners a head start on updating to 4.7.2. Last week hundreds of thousands…

  • cPanel’s Site Software Addon Disables WordPress Auto Updates

    A little more than two months ago, Derek Munson, who goes by the username Drumology2001, published a thread in the WordPress.org support forums. While performing maintenance on several WordPress sites on his virtual private server, Munson discovered a number of them running outdated versions. Versions ranged from 3.9 to 4.1 with at least one site…

  • Wordfence Premium Adds the Ability to Audit User Passwords in WordPress

    By utilizing the power of graphical processing units and partnering with Netriver, Wordfence can simulate a password cracking attempt using a library that contains more than 260 million passwords. The library is made up of previous hacks on major websites and services. For example, if your password was leaked during the LinkedIn hack in 2012,…

  • Recent Update To Wordfence Security Breaks WordPress Mobile Apps

    With the release of WordPress 3.8.2, some users are reporting on the WordPress.org support forum that the update disabled XML-RPC, causing mobile apps to break. Many of those who are reporting the issue have one thing in common: they’re using the Wordfence Security plugin. With over 1.5 million downloads, Wordfence Security is a popular plugin…

  • Large Bruteforce Attack Against WordPress Sites Starting To Subside

    Security company Wordfence is reporting that the large distributed brute force attack on WordPress sites is starting to subside. On the morning of February 10th, employees noticed a large increase in the volume of attacks. Their real-time activity map was showing so much activity, they had to throttle the amount of data displayed. I asked…