From the author
January 22, 2014
Version 4.0.1 Updates:
- Real-time WordPress Security Network Launched.
- If another site is attacked and blocks the attacker, your site also blocks the attacker. Attack data is shared among Wordfence sites.
- See our home page on www.wordfence.com for a live map of attacks being blocked. Then blog about us!!
- Fixed bug where wfBrowscapCache.php is reported as malicious.
- Big improvement in scanning speed and efficiency of URLs and IP addresses.
- Fixed preg_replace() warning by using newer preg_replace_callback() func.
December 12, 2013
The newest version of WordPress, version 3.8, also known as "Parker", was released a few minutes ago. We've released an updated version of Wordfence which is fully compatible and includes several fixes and improvements, so upgrade your WordPress and Wordfence now.
Wordfence also now includes the ability to verify the core files of WordPress 3.8 and as always will verify the integrity of your core files for all previous versions of WordPress too.
We've seen new exploits in the wild for the following themes and plugins. If any that you use are listed, make sure you've upgraded to the newest version and that the theme or plugin is being maintained by its author:
- WordPress Download Manager. The current version is 2.5.8 and this contains a cross-site scripting vulnerability which does not appear to have been fixed yet. The XSS security hole exists in the form used to create a new download package, where the title input field is not sanitized.
- The Page Flip Image Gallery plugin contains a remote file upload vulnerability which was published on the 7th of December and appears to exist in the current version of this popular plugin. Please contact the author for further information.