Episode 71: Hackers Targeting COVID-19 Fears

With many of us under either lockdown or shelter-in-place orders due to COVID-19 (the coronavirus), fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin…

Vulnerabilities Patched in IMPress for IDX Broker

On February 28, 2020, the Wordfence Threat Intelligence team became aware of a newly patched stored Cross-Site Scripting (XSS) vulnerability in IMPress for IDX Broker, a WordPress plugin with over 10,000 installations. Although all Wordfence users, including those still using the free version of Wordfence, were already protected from this vulnerability by the Web Application…

Unpatched High-Severity Vulnerability in Widget Settings Importer/Exporter Plugin

On March 12, 2020, our Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Widget Settings Importer/Exporter, a WordPress plugin with over 40,000 installations. This flaw allowed an authenticated attacker with minimal, subscriber-level permissions to import and activate custom widgets containing arbitrary JavaScript into a site with the plugin installed. We reached out…

Vulnerability Patched in Accordion Plugin

A few weeks ago, our Threat Intelligence team discovered a vulnerability in Accordion, a WordPress plugin installed on over 30,000 sites. This flaw allowed any authenticated user with subscriber-level permissions or above to import a new accordion and inject malicious JavaScript as part of the accordion. We initially reached out to the plugin’s…

WordPress 5.4 Released, Zoom Conferencing Safety & Security

This week, we look at the WordPress 5.4 release, which includes turning distraction-free editing on by default. We also look at new plugin vulnerabilities found by the Wordfence Threat Intelligence team, including those found in Rank Math and a Contact Form 7 helper plugin. We review the new…

Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin

On March 3, 2020, our Threat Intelligence team discovered several vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These vulnerabilities allowed an authenticated attacker with minimal permissions, such as a subscriber, to create or completely…
