Episode 90: WPBakery Plugin Vulnerability Exposes Over 4 Million Sites

A vulnerability discovered by the Wordfence Threat Intelligence team in the WPBakery plugin exposes over 4 million sites. High severity vulnerabilities were discovered in the Post Grid and Team Showcase plugins. The online avatar service Gravatar, has been exposed to a user enumeration technique, which could be abused to collect data on its users’ profiles,

2020-11-06T14:02:00+00:00November 6th, 2020|Security|

Trump Campaign Site Hacked – What We Know & Lessons Learned

On October 27, 2020 at approximately 4:50pm Mountain Time, Donald Trump’s campaign website, www.donaldjtrump.com, was defaced. The attackers left a message claiming they had compromising information on President Trump. The defacement page contained two Monero cryptocurrency wallet IDs encouraging visitors to “vote” by sending cryptocurrency to the wallets, indicating that if the first wallet received

2020-11-06T14:01:59+00:00November 6th, 2020|Security|

Emergency WP 5.5.3 Release

The WordPress core team has released an emergency release of WordPress 5.5.3, just one day after the release of version 5.5.2. This emergency release was done to remedy an issue introduced in WordPress 5.5.2 making it impossible to install WordPress on a brand new website without a database connection configured. In preparing for this emergency

2020-11-06T14:01:59+00:00November 6th, 2020|Security|

Object Injection Vulnerability in Welcart e-Commerce Plugin

On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan. After we finished our investigation, we contacted the plugin’s publisher, Collne Inc. on October 9, 2020. Full disclosure was sent on October 12, 2020,

2020-11-06T14:01:58+00:00November 6th, 2020|Security|

Vulnerability Exposes Over 4 Million Sites Using WPBakery

On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts. We initially reached out to the plugin’s team on July 28, 2020 through their support

2020-10-24T11:03:09+01:00October 7th, 2020|Security|

High-Severity Vulnerabilities Patched in Discount Rules for WooCommerce

On August 20, 2020, the Wordfence Threat Intelligence team was made aware of several vulnerabilities that had been patched in Discount Rules for WooCommerce, a WordPress plugin installed on over 40,000 sites. We released a firewall rule to protect against these vulnerabilities the same day. During our investigation, we also discovered a separate set of

2020-10-04T12:53:18+01:00September 25th, 2020|Security|

Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin

On August 14, our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on

2020-10-04T12:52:17+01:00September 19th, 2020|Security|