Wordpress Related News


Re: Wordpress Related News

Post by LMD »

Here's one I don't see that often.
The Wordfence Web Application Firewall has blocked 114 attacks over the last 10 minutes. Below is a sample of these recent attacks:

April 30, 2020 11:24pm xxx.xx.xx.xxx (Poland) Blocked for Directory Traversal - wp-config.php in query string: file=../../../../../../wp-config.php
Another one, exactly the same way, but with a different IP, hit another site I look after. Sheesh!




Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk

Post by LMD »

Detailing active exploitation of vulnerabilities in two related plugins: Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity.
More here at WordFence blog: https://www.wordfence.com/blog/2020/05/ ... e=hs_email




Re: Wordpress Related News

Post by LMD »

And, yet another security issue with, yet another plugin...
Moments ago, our Threat Intelligence team published a report detailing vulnerabilities found in the “Page Builder by SiteOrigin” plugin, which is installed on over 1 million WordPress sites.

These two flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in that administrator’s browser.
More on this here: https://www.wordfence.com/blog/2020/05/ ... i=87716683




Re: Wordpress Related News

Post by LMD »

I'm not a reseller - just a user of the plugin. So, I get these notices when there are "up-ticks" in threats, or specific plugins that can be, or are, compromised, and should be either updated (if the authors are aware and have updated their plugin) or removed (if the authors are lazy, or not responsive to maintaining their free plugins). Of the sites I manage, there are about 4 that are regular targets of failed login attempts, password recovery attempts, and sometimes some nasty other things like this, which is one example of the multiple attempts to hack:
The Wordfence Web Application Firewall has blocked 101 attacks over the last 10 minutes. Below is a sample of these recent attacks:

May 10, 2020 4:21pm 94.23.103.179 (Czech Republic) Blocked for Directory Traversal - wp-config.php in query string: file=../../../../../../wp-config.php
Unless these clients that are being targeted are visiting questionable sites, have compromised systems, or something else I am not privy to, the random attacks can seemingly appear very focused. Normally when these attacks take place, the offending IPs are blocked for 2 months (which is the maximum default block), unless I manually block each IP forever, but I'm not paid enough for that level of scrutiny. ;)

Maybe the paid plugin allows for more IP blocking options. :shrug:

Anyhow, this just came in:
This morning the Wordfence Threat Intelligence Team published an update about an intensifying attack campaign. The number of attacks from this single threat actor is outpacing all other attacks on WordPress vulnerabilities, combined.

You can find details of this campaign, its growth, malware payloads and indicators of compromise on the official Wordfence blog.
More on this: https://www.wordfence.com/blog/2020/05/ ... i=87850880
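The two Wordfence alerts quoted in this thread both show the same pattern: a `file=` query parameter walking up with `../` to reach `wp-config.php`. As an added example (not Wordfence or WordPress code), here is a small defender-side scanner that parses log lines in the format the alerts use, percent-decodes the query value (so single- and double-encoded variants collapse to the same thing), flags values that traverse to `wp-config.php`, and lists source IPs that show up repeatedly, which is the kind of candidate for a longer-than-default block mentioned above. The log lines and IP addresses are constructed placeholders, not real indicators.

```python
"""Added example: flag directory-traversal attempts aimed at wp-config.php
in WAF-style log lines and list repeat source IPs. Not Wordfence code."""
from collections import Counter
import re
from urllib.parse import unquote

# Constructed sample lines in the format the thread quotes; the IPs are
# documentation-range placeholders, not real indicators.
SAMPLE_LOG = """\
April 30, 2020 11:24pm 203.0.113.10 (Poland) Blocked for Directory Traversal - wp-config.php in query string: file=../../../../../../wp-config.php
May 10, 2020 4:21pm 203.0.113.11 (Czech Republic) Blocked for Directory Traversal - wp-config.php in query string: file=..%2F..%2F..%2Fwp-config.php
May 10, 2020 4:22pm 203.0.113.12 (Example) Blocked for Directory Traversal - wp-config.php in query string: file=%252e%252e%252fwp-config.php
May 10, 2020 4:25pm 203.0.113.11 (Czech Republic) Blocked for Directory Traversal - wp-config.php in query string: file=../../wp-config.php
May 10, 2020 4:26pm 198.51.100.7 (Example) Request logged with query string: file=images/logo.png
"""

LINE_RE = re.compile(
    r"^(?P<date>\w+ \d+, \d{4} \d{1,2}:\d{2}[ap]m) (?P<ip>\S+) .*?"
    r"query string: (?P<qs>\S+)$"
)
# A ".." path segment after decoding, with either separator style.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and the
    double-encoded %252e%252e%252f both collapse to ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def scan(log_text):
    """Return one finding per line whose query value traverses to wp-config.php."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a line in the expected format
        param, _, raw = m.group("qs").partition("=")
        value = normalize(raw)
        if TRAVERSAL_RE.search(value) and value.endswith("wp-config.php"):
            findings.append({"ip": m.group("ip"), "param": param, "decoded": value})
    return findings

def repeat_offenders(findings, threshold=2):
    """IPs seen at least `threshold` times across the findings."""
    counts = Counter(f["ip"] for f in findings)
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

Running `scan(SAMPLE_LOG)` yields four findings (the benign `images/logo.png` request is ignored) and `repeat_offenders` returns the one IP that appears twice.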




WordPress 5.4.2 Security and Maintenance Release

Post by Accrete »

Time to make sure your Wordpress install auto-updated (if you set it to do that) and make sure your plugins are compatible:
WordPress 5.4.2 is now available!

This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.
Continued: WordPress 5.4.2 Security and Maintenance Release
June 10, 2020


Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.


KingComposer patches XSS flaw

Post by Accrete »

If your Wordpress site uses the KingComposer plugin, it has an XSS flaw that needs to be fixed:
A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin.

KingComposer is a drag-and-drop page builder for WordPress-based domains that removes the need to program or directly code websites powered by the content management system (CMS)...
Read more here: KingComposer patches XSS flaw impacting 100,000 WordPress websites
The vulnerability could be exploited to execute malicious payloads in visitor browsers.
July 10, 2020



Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Post by Accrete »

If you are using a SiteSpeed plugin on your Wordpress site you better read this to make sure you are not using the fake one serving malicious ads and backdoors:
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites.

During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities...
Source: https://securityboulevard.com/2020/07/f ... backdoors/

WordPress plugin Comments – wpDiscuz

Post by Accrete »

If you are using the wpDiscuz plugin in your Wordpress installation you need to read this and patch it:

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.

Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers.

Comments – wpDiscuz enables WordPress websites to add custom comment forms and fields to sites, and serves as an alternative to services like Disqus. Researchers with Wordfence, who discovered the flaw, have notified the plugin’s developer, gVectors, which issued a patch on July 23...
Critical Security Flaw in WordPress Plugin Allows RCE
July 29, 2020

