WEST PALM BEACH, FL - This morning, the Wordfence Threat Intelligence Team published details about a critical vulnerability discovered in two themes by Elegant Themes, Divi and Extra, as well as the Divi Builder plugin. Combined, these products are installed on an estimated 700,000 sites. Elegant Themes provides some of the most popular WordPress themes in the world and includes a visual page builder. We initially reached out to Elegant Themes on July 23, 2020 and, … [Read more...]
It’s Only A Matter of Time Until You Need to Be Licensed to Operate A Web Server
PALM BEACH, FL – I have been thinking about this off and on for a few years now, but I have never really posted or written about it. That is because it is an awful prediction that I hate the idea of, but I think it is going to eventually happen. Here it goes…. I predict that to operate a web server sometime in the near future, you will be required to have a license, or have passed a basic course in IT security or Cybersecurity intrusion mitigation. Not at the single site … [Read more...]
WordPress Vulnerability for Sites Running WooCommerce with “Shop Manager” Role
NEW YORK, NY – If you're running a WordPress website and are utilizing the popular WooCommerce plugin, a shopping cart used by roughly four-million sites, there is a new vulnerability which requires that your WooCommerce plugin be up to date, or users marked as “Shop Managers” could hijack your site and virtually wipe out all data by compromising your administrator account. This new vulnerability was first reported to WordPress and WooCommerce in August when it was … [Read more...]
Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User
NEW YORK - A few months ago in September, I wrote about a plugin (Display Widgets Plugin) which was sold to someone who used it to compromise over 200,000 websites as that’s about how many installs it had and sites it targeted with compromising intentions. Well, it was a big deal then and it’s an even bigger deal now because it has come to light that this same tactic of acquisition has been used yet again, with (Captcha Plugin) to compromise 300,000 sites. According to … [Read more...]
New Threat to WordPress Sites Designed to Bypass All Ordinary Security Measures
NEW YORK, NY - It seems like a new security threat is born each day; maybe that is because there is. For those who operate WordPress sites, including myself, there is a new threat to consider that is designed to bypass ordinary security measures; a simple back door, you have already left wide-open, by choice. WordPress Plugins are great additions to any WordPress site as they create all sorts of easy plug-and-play options and make often complicated features simple to … [Read more...]