With many of us under either lockdown or shelter-in-place orders due to the COVID-19/Corona virus, fear and stress are rampant. This additional stress lowers our critical thinking capabilities and increases our vulnerability. Hackers targeting these human vulnerabilities are using the global pandemic to attempt exploitation through numerous scams and phishing campaigns. We also cover plugin…
On February 28, 2020, the Wordfence Threat Intelligence team became aware of a newly patched stored Cross-Site Scripting (XSS) vulnerability in IMPress for IDX Broker, a WordPress plugin with over 10,000 installations. Although all Wordfence users, including those still using the free version of Wordfence, were already protected from this vulnerability by the Web Application…
On March 12, 2020, our Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Widget Settings Importer/Exporter, a WordPress plugin with over 40,000 installations. This flaw allowed an authenticated attacker with minimal, subscriber-level permissions to import and activate custom widgets containing arbitrary JavaScript into a site with the plugin installed. We reached out…
A few weeks ago, our Threat Intelligence team discovered a vulnerability in Accordion, a WordPress plugin installed on over 30,000 sites. This flaw allowed any authenticated user with subscriber-level permissions or above to import a new accordion and inject malicious JavaScript as part of the accordion. We initially reached out to the plugin’s…
The warning “Site Ahead Contains Harmful Programs” can cause panic for any website owner! What does it mean? How is it going to impact your website and your business? Will you face serious consequences? We are sorry to break it to you, but the “Site Ahead Contains Harmful Programs” warning generally appears because the website…
Today we are excited to announce WP Security Audit Log 4.0.3. It features an improved WooCommerce activity log sensor with broader coverage, support for the new WooCommerce 4.0 and the new admin tool, an activity log add-on for bbPress, and many other plugin updates. Let’s dive right in for more details on what is new…
Written by Michael Moore on April 15, 2020. Last updated on April 14, 2020. New WordPress plugin and theme vulnerabilities were disclosed during the first half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running…
This week, we look at the WordPress 5.4 launch, which includes turning distraction-free editing on by default. We also look at new plugin vulnerabilities found by the Wordfence Threat Intelligence team, including those present in Rank Math and a Contact Form 7 helper plugin. We review the new…
On March 3, 2020, our Threat Intelligence team found several vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These vulnerabilities allowed an authenticated attacker with minimal permissions, such as a subscriber, to create or completely…