Don’t Miss WP Engine’s All-Virtual DE{CODE} 2021!
Born out of the idea that the best developers in the world are those who never stop learning, we’re excited to kick off WP Engine’s second-annual DE{CODE} event this Thursday, March 4th, at 10 a.m. CST! DE{CODE} is a 100% virtual, developer-focused conference aimed at...Critical Vulnerability Patched in WooCommerce Upload Files
On December 29, 2020, the Wordfence Threat Intelligence team was alerted to a potential 0-day vulnerability in the WooCommerce Upload Files plugin, an add-on for WooCommerce with over 5,000 installations. Please note that this is a separate plugin from the main...
Trojan Spyware and BEC Attacks
When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls...The Month in WordPress: February 2021
You don’t have to be rich to have an online presence. You don’t have to find loopholes in proprietary platforms and hope that they never change their terms of service. You own all of the content that you create on a WordPress site and have the liberty to move it to a...
WordPress Vulnerability Roundup: March 2021, Part 1
New WordPress plugin and theme vulnerabilities were disclosed during the first week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress...
Medium Severity Vulnerability Patched in User Profile Picture Plugin
On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in User Profile Picture, a WordPress plugin installed on over 60,000 sites. The vulnerability made it possible for authenticated...
WordPress 5.7 Release Candidate 2
The second release candidate for WordPress 5.7 is now available! You can test the WordPress 5.7 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “Bleeding edge” channel and Beta/RC Only” stream options)Or download the...