XSS Injection Campaign Exploits WordPress AMP Plugin

News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. This…

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

In February, we wrote about a vulnerability on three shared hosting services.  Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers’ site visitors. During the past month we noticed the same kind…

A Feeding Frenzy to Deface WordPress Sites

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking. We show how attackers have switched to the REST-API exploit and how it has increased their success rates. We have also seen an…

Hacking 27% of the Web via WordPress Auto-Update

At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of…