On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday the details of an unpatched vulnerability in the plugin were posted by a security researcher. We are now seeing a high volume of attempts to exploit the vulnerability.
In today’s post we provide details on the vulnerability, the attack campaign that is currently exploiting it and how to protect your site.
You can read the full post on the official Wordfence blog…
Mark Maunder – Wordfence Founder & CEO
Introducing Wordfence Central
Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place. Learn More
If you would like to stop receiving WordPress security alerts and product updates from Wordfence, please use the “unsubscribe” link at the bottom of this email. You subscribed to this list via the Wordfence security plugin for WordPress.
If you aren’t already a member, you can subscribe to our WordPress Security and Product Updates mailing list here. You’re welcome to republish this email in part or in full, provided that you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.