Latest Articles
Update: Download Manager Plugin Vulnerability Patched July 27, 2022
The Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability they discovered on July 8, 2022 in “Download Manager,” a WordPress plugin that is installed on over 100,000+ sites. This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create […]
Download Manager Plugin Vulnerability Risk on 10,000 WordPress Sites
Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to Wordfence that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. On request, we assigned a vulnerability identifier of CVE-2022-1985, on May 30, 2022. Even though Wordfence provides protection against this vulnerability, we strongly recommend ensuring that your site […]
Security Alert: Jupiter & JupiterX Premium Themes has Critical Privilege Escalation Vulnerability - May 2022
Affected Software: Jupiter Theme and JupiterX Core Plugin Fully Patched Versions: Jupiter Theme 6.10.2 and JupiterX Core Plugin 2.0.8 The Wordfence Threat Intelligence team initiated the responsible disclosure process on April 5, 2022, for a set of High threat vulnerabilities in the Jupiter & JupiterX themes, and their required JupiterX Core companion plugin for WordPress, which included […]
Emergency Update: Google Chrome Needs To Be Updated To Version(99.0.4844.84)
The Tech Giant "Google" has issued an emergency security warning to their billions of chrome users to update ASAP as it is confirmed that attackers are already exploiting. Google has issued an urgent security update for their billions of Chrome users from their official blog published at March 25, as it confirms that attackers are […]
Woocommerce 6.3 Has Been Released, What's New?
Woocommerce has officially announced the release of WooCommerce version 6.3. They even mentioned that this release should be backwards compatible with the previous version. It is always recommended to take a backup of your site and make sure that the theme and any other installed plugins are compatible or not before updating. Woocommerce v6.3 release […]
How To Update WordPress Theme For Beginners
When we are New to WordPress we might spend too much time searching for the options or settings to change as we think. We just need to understand the WordPress Navigations by exploring it. Now Let's See How We Can Update a WordPress Theme From the Dashboard. There are two methods to update a WordPress […]
Header Footer Code Manager has Reflected Cross-Site Scripting Vulnerability
Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations on February 15, 2022. Header Footer Code Manager plugin publisher quickly acknowledged wordfence initial contact and wordfence did sent the full disclosure details the same day, on February 15, 2022. A […]
Updraftplus Vulnerability Allowed Subscribers to Download Sensitive Backups
Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, wordfence have found that it is possible to obtain a full log containing a […]
Alert: Vulnerability on Essential Addons For Elementor WordPress Plugin - Updated 31 Jan, 2022
Essential Addons for Elementor WordPress plugin affected by a critical Remote Code Execution (RCE) vulnerability that severely impacts v5.0.4 and older. Vulnerability Fixed Patch update - 31 January, 2022 Essential Addons for Elementor is a free and popular WordPress plugin and it is an addon for the Famous Elementor Page Builder. The vulnerability was discovered […]
Is Elementor Free to Download?
Elementor is one of the Top Suggested Page Builders in the WordPress world, most WordPress developers suggest using Elementor as it is easy to use with its Simple Drag & Drop Feature, and saves everyone's Time and Effort. Is Elementor Free? Yes, Elementor is Free and it's available on WordPress Repository/Library. You can easily create […]
3 Plugins with Same Vulnerability Allows Attacker to Take Over
These three WordPress plugins with the same vulnerability give the attacker to access your login and e-commerce add-ons by taking over the site completely. The Wordfence Threat Intelligence team started a process to disclose a vulnerability researchers on Nov. 5, 2021, had found in “Login/Signup Popup,” a WordPress plug-in installed on more than 20,000 sites, Wordfence’s Chloe […]
Yoast SEO Gets Into Shopify Planning to Launch End of January
Yoast.com has officially announced that they are planning to launch Yoast SEO by the end of January 18, 2022 They have mentioned that, Shopify is growing fast, and they have decided to get profit from the growth of that specific platform building a SEO app. Also the price point in shopify is different from the […]
First Important Step To Do After Installing WordPress
First and the Most Important step to do after installing wordpress from your hosting provider is to check the permalink structure. After a successful wordpress installation, we need to check the permalink structure before adding any theme or plugin is the best practice to avoid SEO errors in future. Why Permalink structure is Important? Permalink […]
How to Install Elementor on Your WordPress Website For Beginners
If you want to create a new website that should be Easy to Build and also Easy to Manage by yourself for longrun then Elementor Page builder is the best choice to add on your wordpress website. Elementor is one of the highest installed wordpress plugin with 5+ Million Active Installations till now.And it is […]
1.6 Million WordPress Sites Cyberattack From 16,000+ IP Addresses - Dec 2021
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed […]
GoDaddy Data Breach Affected 1.2 Million Customer Accounts
GoDaddy announced on Monday a security breach that could affect up to 1.2 million customers, exposing their e-mail addresses and customer numbers. The exposure of email addresses presents a risk of phishing attacks, a scheme in which a hacker sends a target an e-mail and tricks them into sending over sensitive information by clicking a link that deploys […]
Is Image Alt Text Important For SEO?
Do you know that images without an alt text can impact negatively on your website's SEO? Search engine's like Google and Bing finds hard to understand image files if they don't have an alt text while crawling web pages. Is Image Alt Text Or Alt Attribute Important For SEO? The Answer is Yes What is […]
Vulnerability in Smash Balloon Social Post Feed plugin versions 4.0.0 and earlier - Update Now
The Smash Balloon Social Post Feed plugin has a vulnerability in versions 4.0.0 and earlier. We recommend updating to version 4.0.1 During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), Jetpack discovered several sensitive AJAX endpoints were accessible to any users with an account on the vulnerable site, […]
Dangerous Site Deletion Vulnerability in Hashthemes Plugin - Oct 26, 2021
n August 25, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability in Hashthemes Demo Importer, a WordPress plugin with over 7,000 installations. This vulnerability allowed any authenticated user to completely reset a site, permanently deleting nearly all database content as well as all uploaded media. As wordfence team did not receive […]
OptinMonster Vulnerabilities - 1,000,000 Sites Affected - Oct 27, 2021
On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities Wordfence discovered in OptinMonster, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an unauthenticated attacker, meaning any site visitor, to export sensitive information and add malicious JavaScript to WordPress sites, among many other […]
How to add Previous Next Links on Oxygen Post Template
Adding Previous and Next Links on Oxygen Single Post Template is Really Simple Add two code blocks One for Previous Post Link and Other for Next Post Link For Previous Post Link Code For Next Post Link Code This is the simple and easiest way to add Next and Previous Post Link on Oxygen Single […]
WooCommerce Core Security Issue Alert - Critical vulnerability - July 2021
Security Update Alert on Woocommerce versions 3.3 to 5.5 on July 15, 2021 Update Woocommerce to the latest version (5.5.1) or the highest number possible There has been a critical vulnerability identified in WooCommerce (versions 3.3 to 5.5) and the WooCommerce Blocks feature plugin (versions 2.5 to 5.5). What actions should I take with my store? Stores hosted on WordPress.com and WordPress VIP […]
High Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin
On April 8, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities discovered in Simple 301 Redirects by BetterLinks, a WordPress plugin installed on over 300,000 sites. One of these flaws made it possible for unauthenticated users to update redirects for the site allowing an attacker to redirect all site traffic […]
Elementor New Pricing Plan 2020 - From March 9
Elementor Page Builder is one of the Best most user friendly WordPress Page Builder plugin that was on the top from 2019.If you are a WordPress Developer or Designer you would probably know that, but if you are new to wordpress then Elementor is the best free page builder and we can create almost a […]