Threat Alerts / May 28, 2020

Vulnerability found in PageLayer WordPress Plugin affecting more than 200,000 websites

The vulnerability was discovered by the Wordfence team on April 30 in PageLayer WordPress plugin which allowed any authenticated user with subscriber-level and above permissions the ability to update and modify posts with malicious content, amongst many other things. The plugin is installed on more than 200,000 websites.
Threat Alerts / May 28, 2020

WordPress Vulnerabilities Digest - May 2020 Part 2

New WordPress plugin vulnerabilities were disclosed over the last couple of weeks. The WordPress plugins mentioned below have various types of vulnerabilities ranging from low risk to critical risk.
Threat Alerts / May 13, 2020

WordPress Vulnerabilities Digest - May 2020

New WordPress plugin and theme vulnerabilities were disclosed over the last couple of weeks. The WordPress plugins and themes mentioned below have various types of vulnerabilities ranging from low risk to high risk. There are no critical level vulnerabilities in the list.
Threat Alerts / May 13, 2020

Vulnerability found in Google Site Kit WordPress Plugin

The critical vulnerability was discovered by the Wordfence team on April 21st in Google Site Kit WordPress plugin which grants the attacker Search Console Access. The plugin was installed on 300,000 websites.
Threat Alerts / May 06, 2020

Elementor Pro and Ultimate Addons for Elementor Puts One Million Sites at Risk

Wordfence team reported active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. They are alerting everyone so that the required steps to protect your sites would be taken, as this is an actively exploited attack.