WordPress Vulnerability Report: March 2021, Part 3
New WordPress plugin and theme vulnerabilities were disclosed during the third week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress...
SecuPress v2.0 aka Python
SecuPress 2.0 is here! As always, after a while without updating, this 2.0 is finally here. The goal of this version is to open the door to future versions 2.x because this change of major version number means that all the functionalities will be reviewed one by one...
Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA
An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also...
Server Side Data Exfiltration via Telegram API
One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware on the server...
Join us for free at the biggest online summit in the WordPress space
This past year has been a rollercoaster of emotions for many of us. Some were thriving while others were barely surviving. One takeaway we can be proud of as a community is how most of us had to be even more creative than usual to get through 2020… With long hours, a...
Activity Log for MainWP 1.7.0: Support for any date and time format & more
Today we are happy to announce update 1.7.0 of the Activity Log for MainWP plugin, the invaluable extension that administrators and agencies use to view the activity logs of all child sites from one central portal – the MainWP dashboard. Just like we did with WP...
WP Activity Log 4.2.1: Improved coverage & foundation work for 4.3
We’re excited to announce the launch of WP Activity Log 4.2.1. Even though this release is not packed with lots of new features, it is still a very important maintenance update. It includes a lot of under the hood changes. This post explains what is new and improved...
Cross-Site Scripting Vulnerabilities in Elementor Impact Over 7 Million Sites
On February 23, 2021, the Wordfence Threat Intelligence team responsibly disclosed a set of stored Cross-Site Scripting vulnerabilities in Elementor, a WordPress plugin which “is now actively installed and used on more than 7M websites” according to a recent...