Security breach in a WordPress Plugin «Wordfence Security» (Part II)

Security breach in a WordPress Plugin «Wordfence Security» (Part II) On the basis of the simulated situation we discussed in our previous article, one of our clients found himself in a similar problem. A couple of days ago our client, when attempting to upload a file, received the following error message:   The editing template files and plugin files on the server were also disabled. Checking which plugins are already installed, we’ve noticed that a “Wordfence Security” plugin was...


Security Breach in a WordPress Plugin «Wordfence Security» (Part I)

Security Breach in a WordPress Plugin «Wordfence Security» A short side note: This article was made after we shared the breach with the developers of the plugin and received a response from him (the quoted response is in part II of the article). The article details a simulated hacker attack situation, based on the exploitation of a newly found vulnerability in a popular plugin for WordPress - «Wordfence Security» Website Configuration As an example we’ll take a website built on CMS...