A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US cybersecurity defenses. WordPress 5.7.2 was released to patch a critical object injection vulnerability in PHPMailer. A critical vulnerability was patched in the External Media plugin, used by over 8K sites. Vulnerabilities were discovered in all …

Read more

wordpress 5.7.2 security patch 1024x536 gzeVEv

On May 13, 2021 01:00 UTC, WordPress core released a security patch for a Critical Object Injection vulnerability in PHPMailer, the component that WordPress uses to send emails by default. If your site is set to allow auto updating of minor point releases, your site has probably already updated to WordPress 5.7.2. While we do recommend updating WordPress immediately if you haven’t already, at this time we do not believe that most WordPress sites are …

Read more

Critical Vulnerability Patched in External Media Plugin 1024x536 5B4zkO

On February 2, 2021, our Threat Intelligence team responsibly disclosed the details of a vulnerability in External Media, a WordPress plugin used by over 8,000 sites. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could be used to achieve remote code execution and take over a WordPress site. We initially reached out to the plugin’s developer on February 2, 2021. …

Read more

think like a hacker ep116 1024x536 bZB75t

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over 100k sites. Vulnerabilities were discovered in Exim mail server, including 3 RCE vulnerabilities. We’re seeing some of the first trickle-down …

Read more

SQL Injection Patched Cleantalk 1024x536 fYrarX

On March 4, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a Time-Based Blind SQL Injection vulnerability discovered in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin installed on over 100,000 sites. This vulnerability could be used to extract sensitive information from a site’s database, including user emails and password hashes, all without logging into the site. We initially reached out to the plugin’s developer on March 4, 2021 and sent over …

Read more

think like a hacker ep 115 1024x536 76vOwg

Apple patches a gatekeeper bypass vulnerability that has been exploited in the wild on MacOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some Digital Ocean customers were affected by a data breach exposing personally identifiable information. A WordPress trac conversation considers blocking Federated Learning of Cohorts as a security release, and Creative Commons Search is coming to WordPress.org in a few …

Read more

Severe Unpatched Vulnerabilities Leads to Closure of Store Locator Plus Plugin 1024x536 y903xX

On March 5, 2021, the Wordfence Threat Intelligence team wrapped up an investigation that led to the discovery of a privilege escalation vulnerability along with several additional vulnerabilities in Store Locator Plus, a WordPress plugin installed on over 9,000 sites. We initially reached out to the plugin’s developer on March 5, 2021. We received no response for a week before we attempted to make contact again. After receiving no response for 20 days, and after …

Read more

think like a hacker ep114 1024x536 pQFt6o

Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of these three services are well known enterprise and government organizations. In the WordPress space, there are two add-on plugins experiencing active attacks: Kaswara Modern WPBakery Page Builder Addons and The Plus Addons for Elementor. Vulnerabilities …

Read more

PSA Remove Kaswara Modern WPBakery Page Builder Addons Plugin Immediately 1024x536 qggPiW

Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a premium plugin that we estimate has over 10,000 installations. This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take …

Read more

Severe Vulnerabilities Patched in Redirection for Contact Form 7 Plugin 1024x536 H6CZap

On February 11, 2021, our Threat Intelligence team responsibly disclosed several vulnerabilities in Redirection for Contact Form 7, a WordPress plugin used by over 200,000 sites. One of these flaws made it possible for unauthenticated attackers to generate arbitrary nonces for any function. The second flaw made it possible for authenticated attackers to install arbitrary plugins and inject PHP Objects. The third flaw made it possible for authenticated attackers to delete arbitrary posts on a …

Read more