Cyber Patrol Alert!

If you use WordPress and have the GiveWP donation plugin installed, your site users may have their private info accessible as ae speak. Please read the security bulletin email I received below:

Avoid<br><br>From Wordfence:<br><br><br><br><br>Our Threat Intelligence team recently discovered an authentication bypass vulnerability in the GiveWP plugin installed on over 70,000 WordPress sites. The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible. This vulnerability exists in GiveWP versions 2.5.4 and earlier and we recommend immediate updating to version 2.5.5 or later.  <br>Learn more on the <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W3Ybr304RB5p0W6JKD9P5Zzm0J0/5/f18dQhb0SfHy9dsQqjW7TblHq50RnyCW4cPTbB31XhwfW1FSlRp2P7_nXVcnTGj992gLmW4vvm_w1wKnm7W7mWm9L96Ls77W26p8qz2z8ZWPW97kkZR51BBy7W6bnMQL7mFWwLW96dK7r5s1KtVW7d7cnt25pN_cW50Vv3L5C9dLsW5CRfTD5CGWVmVcj8fQ63mn6SW999f656PVKcrW6N3nBL8xGZPkW1bNlxw11WvlMW5KPDrp1xzf3zW7tKymB2B19dgW9dSlS635rgClW93-zW937RhtbW7NrMZs3ndfYDN5DFWr2HMMmnW4Nyj-n6b-vF0V7785p3y9KYQW3dgtNk5HZpM7W3XYYWm8DsPdsVFbvcb5jMSNlW3ZSpX05C30w7VHj6cL8DRW6zW30YG8Y3J2MbfW3-ht-v3VS7lvVZ7j6_3bPfR6W3WkcPb8HNfW8VFJVBn3rdqk7W8BwDFl5HBS_xW13Zln73W-pfxW6wydXJ392k_pW53NYtc4PLwTVW7pPfkv1tkZXzW4BnpY429HK2MW6q5cfC4J35SnW2N3Dcl51KcZkW6YTZTx1QYXZNW6HrNh87tbJ6bMTFLcNKkSW3W8x2Tv41MWhN-N1MKddsSqHvv111″ target=”_blank”>Wordfence </a>blog… and <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W72n5Z-7ZcSxzW4zjVfL6bDtVJ0/5/f18dQhb0S1Wc7BfGH_W12NnrQ2qzQhGN34P-n0mWG1nW6TFTWY64WlyXN3Cc9s_h59TyW4T08BS2b2rRsW2PM7JZ6C5mzbW9l7Ypk2g8ddwW4pW3n94qDKrfW8gqPPP4Sp4pSW4vzwYq5SDNMlW5PZJVt9g6gK5W16WcgP7QBrHGW4snTf09bcn5-W1jZkMX3NXD6CVkY35L1dtnNqW6K1t4-3-MNkvN40mdRcDJ3c7M5w2cq2W_FHVv73NV4RS_QqV2mvGr1XSWFwW8SW15H1NDTv6W75Q_hT3KTcJPW6w14qf58FrjvVDRVGs47PNkSN4XjMQHHWpxSW4kSKtl8BtdwSW3h9wnf1X2jfmW5N_pmq2FdhBvW8z31p-3vDdCQVjtM2B6gHv2WW1k4bz75q_zdXW95Gx-t4YTJLfW8HDgzz4_n5s4W8M1XWk1-P4VmW919nj86hLCZHW81YvcV3G9FkBW8GXM154q26RKW42HXxh2ZsgKDW7xMvyC9fLFkdW27NP004-30lwW2m6Y0S5JFDlgW39xlb25bq9twN1hgdJvqgVTFW1mS3NC43vlB2W6Jy30V1bJFb7W7P4DZF6VX9J-W53YMYV7K_N5-W59XFx19h7YcFW40jMTP9dZL2BN22mFmfpvVjLW8kNs0C7SHwCyVbHSzB4khNlRf6fpSzj04″ target=”_blank”>listen to our interview</a> recorded last weekend with Give’s co-founder Matt Cromwell where we discuss the vulnerability and disclosure process as well as Give’s mission of democratizing generosity. <br>Regards,<br>Chloe Chamberland – Wordfence Threat Analyst<br> <br> <br><strong>Managing Numerous Sites?</strong><br>If you’re managing more than one WordPress site, make your life easier with Wordfence Central. All of your sites’ alerts and Wordfence settings can be managed in one place. <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W94hy0P76w5TJW1x6Qxh3n8B1S0/5/f18dQhb0SbTW8YXN5qW7TblHq50RnyCW4cPTbB31XhwfW1FSlRz64DbVMW4NfVNZ9h3lwCW6YPpb25rq6DgW8lwSkl9cYnPKW5YcH8x7NMjRPW78YZ197JtTqnW8mnw907bjnYCN80-n6tgtfYQW66KBg-1bX2n3W5B4Tv87f-nKSW5KxXB65KDCtZW12tQjH7nVWGLW5J10-t5FHM5wW1v3hGt39HsnFW392D755jPVDHN1Rhn2r4cNXyW75WRHJ8572wSW3n8R2G3n0Q2RW53xcBz57zp9PW3Nk4kF7l0BWjW5xfrNl3HPdG_W5mkyPx1fdV7FW3F-1M335jzHmW7B2LpF6W0dN1W2ZmbNb44jhzZW53FKcN8DGSWGW3bkXc982dF7_W8Nqy0c34ww00W5gSHY56H5W1XN6WglpqVR6H2W4q1Pz52wdL07W1WwplP2MzqtVW7HT3SS95-sWXW2LdjVl8kDtHXVTD2L390crsVW72rlYX7jmsvpW4dFYdG7bfYRJW2kGFfd1NwBMnF1MVsRjBWvhf5Wgr8H03″ target=”_blank”>Try Wordfence Central</a>; it’s free. <br>If you would like to stop receiving WordPress security alerts and product updates from Wordfence, please use the “unsubscribe” link at the bottom of this email. You subscribed to this list via the <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W6-Wtgg2pLQj2W6V_vff3hbpqY0/5/f18dQhb0SbTX8XYjZnW9fPMNG2qwv31N4cH9bGJFshGVf5btW57mvC2W1BQYgz9dtlPKW5Zh62K6YTq0RW9gRJ8g7NM5Q7W4NKj0n7tZTzlW7ZcsH46WJMgXW9bTNXY954KlMW4P0Yt62d4kjsW1fJ2Yc35_0L5W5LMjl48p1t20W5CxqBH68RlkzW3v7CBP3Wlz2MW5Sh0w01y7l3tW5F_2Jd3XsqW0W5pfw0m1Y1LcWW46yv6z6G2l8bW5V3nx_2BcyM9N1mGWmCXFRyQW63Bw8J4DBwgyW2nqn5Q3gFjFYVQBdt33V1KszW2-CMst4DCCKkW2yB4171qJphWW64KN7w5wLxRTN5WVNh3Pffw3W4XB8hx2Vc3F5N3yZrW5bC0r-W6nX4Kf1wYl-zW8dCK-t7gwD5KN6SSJNccb0fvW3f_5_K4p7yDTN2BPMnkMLT_tW8rBTLd5v6nf6W4Qb81D5L1tSqW19rcTf7fyCsdW7_ch-l4DzkSqW2_yGcp7S0jysW6hR4SS2_zJ0_N6Hk-0dNDyx-MrTzpY1yC3Lf7WSp9g03″ target=”_blank”>Wordfence security plugin for WordPress</a>.<br>If you aren’t already a member, you can subscribe to our <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*Vm6Td-75J28mW6G3Zdl7yXdLJ0/5/f18dQhb0Sq5y8XJbp2W7TblHq50RnyCW4cPTbB31XhwfW1FSlVV2P7_nXVbxYmW8pCQ6vW8pMTy33TtWNcW6bprKD6PZs7GW2JzbXL5CsfzYN1nY885YFj8WW3TVJrK7bj21BW5Lnwc44CB5ysW83_Pyq834DLzW8XWFBg2p1zRSW1h4FM-9d60QGW7pTGnR6hqCGTW5KxXB65KDCtZW12tQjH7nVWGLW5J10-t5FHM5wW1v3hGt3bPyFLW3BJL_22tk5vHW2zv-Qb806yj3W70ml3s3rc10sW5Rrh_X88KdxrW79PPgg60H89xW3H5xf55hHcjxVsSthf570qLzW5y3xC-8XJvL5W2FRVPn920f46W33mF6Q57HZSvW5xz69z2YK9F-W5-HP165pTyc9W1Lq1DS7VX3rpW22mXcd9kPs11W4f_s-t5DhyW9W18DsY-11rnNbV4Vjm26NyCyRN7KKWSJH59hHN14Sm1H8XMLgN4QDgwJWWfv3W3Xv6GD9c46YgW2B6bs_3lGykLW6zZSw12B9vRVW7_5JVf36sLG2n1NsfDKBSf81rpY902″ target=”_blank”>WordPress Security and Product Updates mailing list here</a>. You’re welcome to republish this email in part or in full, provided that you mention that the source is <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W5Mb38w2l2v1RW9fJXw_8rgYR40/5/f18dQhb0Sjvl8YXNmFW7TblHq50RnyCW4cPTbB31XhwfW1FSlSX56qZCNVcnTGj992gLmW4vvm_w1wKnm7W7mWm9L96LsblW61SSZm7mG7sDW51vX4y6HShSCVxYwVC2TlMg5W2mS6Nk1Q4gzxW58RWG123-nGKW265VBJ22-FLhW5qHlRY20Y98hW1Yg1Qd2Y7Dl7W6pzHWB79p90_W2tk5vH2zv-PHW806yj370ml3sW3rc10s5Rrh_XW88Kdxr79PPggW60H89x3H5xf5N5hHcjxsSthfW570qLz5y3xC-W8XJvL52FRVPnW920f4633mF6QW57HZSv5xz69zW2YK9F-5-HP16W5pTyc91Lq1DSW7VX3rp22mXcdW9kPs114f_s-tW5DhyW9256ZzTVrX3l16VzRKMW1fDzPf5DQqVhW61STY28w-Y-GW9hVx-C19rcTfW7fyCsd7_ch-lW4DzkSq2_yGcpW7S0jys6hR4SSW2_zJ0_6Hk-0dMNDyx-rTzpYV1nM7j1V6w7v103″ target=”_blank”>www.wordfence.com</a>. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.<br><br>Defiant, Inc.   800 5th St STE 4100    Seattle  WA   98104   United States<br><br><br><br><br>I am disabling the plugin in within the hour and looking for options.<br><br>Respectfully,<br><br><br>Adrian ‘Yobi’ Blumberg<br>Volunteer Flow Director: YobiWorks<br>Webmaster: <a rel=”noreferrer noopener” href=”http://amcveterans.org/” target=”_blank”>amcveterans.org</a><br>Liaison: Marine For Life Network<br>Host: In The Fighting Hole-<br>        reformatting<br>Host: The NettNG-new format launch<br>        pending<br>Host: Find Your Medium-Art Day/Night@<br>        1105 Bancroft Ave<br>        San Leandro, CA<br>        1st Sunday 2pm to 6pm<br>        3rd Sunday 5pm to 9pm<br>        Support YobiWorks by becoming a<br>        patron at Patreon!<br><br>emails:<br><a rel=”noreferrer noopener” href=”mailto:regionauts@gmail.com” target=”_blank”>regionauts@gmail.com</a><br>yobi@yobiworks.art<br><br>cell: 510-703-1088<br><br>LinkedIn: <a rel=”noreferrer noopener” href=”https://www.linkedin.com/in/adrianblumberg” target=”_blank”>https://www.linkedin.com/in/adrianblumberg</a><br>Hide quoted text<br><br>———- Forwarded message ———<br>From: <strong>Wordfence</strong> <<a rel=”noreferrer noopener” href=”mailto:list@wordfence.com” target=”_blank”>list@wordfence.com</a>><br>Date: Thu, Sep 26, 2019, 13:12<br>Subject: [WordPress Security] Authentication Bypass Vulnerability in GiveWP Plugin<br>To: <<a rel=”noreferrer noopener” href=”mailto:regionauts@gmail.com” target=”_blank”>regionauts@gmail.com</a>><br><br><br><br><br><br><br><br>Our Threat Intelligence team recently discovered an authentication bypass vulnerability in the GiveWP plugin installed on over 70,000 WordPress sites. The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible. This vulnerability exists in GiveWP versions 2.5.4 and earlier and we recommend immediate updating to version 2.5.5 or later.  <br>Learn more on the <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W3Ybr304RB5p0W6JKD9P5Zzm0J0/5/f18dQhb0SfHy9dsQqjW7TblHq50RnyCW4cPTbB31XhwfW1FSlRp2P7_nXVcnTGj992gLmW4vvm_w1wKnm7W7mWm9L96Ls77W26p8qz2z8ZWPW97kkZR51BBy7W6bnMQL7mFWwLW96dK7r5s1KtVW7d7cnt25pN_cW50Vv3L5C9dLsW5CRfTD5CGWVmVcj8fQ63mn6SW999f656PVKcrW6N3nBL8xGZPkW1bNlxw11WvlMW5KPDrp1xzf3zW7tKymB2B19dgW9dSlS635rgClW93-zW937RhtbW7NrMZs3ndfYDN5DFWr2HMMmnW4Nyj-n6b-vF0V7785p3y9KYQW3dgtNk5HZpM7W3XYYWm8DsPdsVFbvcb5jMSNlW3ZSpX05C30w7VHj6cL8DRW6zW30YG8Y3J2MbfW3-ht-v3VS7lvVZ7j6_3bPfR6W3WkcPb8HNfW8VFJVBn3rdqk7W8BwDFl5HBS_xW13Zln73W-pfxW6wydXJ392k_pW53NYtc4PLwTVW7pPfkv1tkZXzW4BnpY429HK2MW6q5cfC4J35SnW2N3Dcl51KcZkW6YTZTx1QYXZNW6HrNh87tbJ6bMTFLcNKkSW3W8x2Tv41MWhN-N1MKddsSqHvv111″ target=”_blank”>Wordfence blog</a>… and <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W72n5Z-7ZcSxzW4zjVfL6bDtVJ0/5/f18dQhb0S1Wc7BfGH_W12NnrQ2qzQhGN34P-n0mWG1nW6TFTWY64WlyXN3Cc9s_h59TyW4T08BS2b2rRsW2PM7JZ6C5mzbW9l7Ypk2g8ddwW4pW3n94qDKrfW8gqPPP4Sp4pSW4vzwYq5SDNMlW5PZJVt9g6gK5W16WcgP7QBrHGW4snTf09bcn5-W1jZkMX3NXD6CVkY35L1dtnNqW6K1t4-3-MNkvN40mdRcDJ3c7M5w2cq2W_FHVv73NV4RS_QqV2mvGr1XSWFwW8SW15H1NDTv6W75Q_hT3KTcJPW6w14qf58FrjvVDRVGs47PNkSN4XjMQHHWpxSW4kSKtl8BtdwSW3h9wnf1X2jfmW5N_pmq2FdhBvW8z31p-3vDdCQVjtM2B6gHv2WW1k4bz75q_zdXW95Gx-t4YTJLfW8HDgzz4_n5s4W8M1XWk1-P4VmW919nj86hLCZHW81YvcV3G9FkBW8GXM154q26RKW42HXxh2ZsgKDW7xMvyC9fLFkdW27NP004-30lwW2m6Y0S5JFDlgW39xlb25bq9twN1hgdJvqgVTFW1mS3NC43vlB2W6Jy30V1bJFb7W7P4DZF6VX9J-W53YMYV7K_N5-W59XFx19h7YcFW40jMTP9dZL2BN22mFmfpvVjLW8kNs0C7SHwCyVbHSzB4khNlRf6fpSzj04″ target=”_blank”>listen to our interview</a> recorded last weekend with Give’s co-founder Matt Cromwell where we discuss the vulnerability and disclosure process as well as Give’s mission of democratizing generosity. <br>Regards,<br>Chloe Chamberland – Wordfence Threat Analyst<br> <br> <br><strong>Managing Numerous Sites?</strong><br>If you’re managing more than one WordPress site, make your life easier with Wordfence Central. All of your sites’ alerts and Wordfence settings can be managed in one place. <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W94hy0P76w5TJW1x6Qxh3n8B1S0/5/f18dQhb0SbTW8YXN5qW7TblHq50RnyCW4cPTbB31XhwfW1FSlRz64DbVMW4NfVNZ9h3lwCW6YPpb25rq6DgW8lwSkl9cYnPKW5YcH8x7NMjRPW78YZ197JtTqnW8mnw907bjnYCN80-n6tgtfYQW66KBg-1bX2n3W5B4Tv87f-nKSW5KxXB65KDCtZW12tQjH7nVWGLW5J10-t5FHM5wW1v3hGt39HsnFW392D755jPVDHN1Rhn2r4cNXyW75WRHJ8572wSW3n8R2G3n0Q2RW53xcBz57zp9PW3Nk4kF7l0BWjW5xfrNl3HPdG_W5mkyPx1fdV7FW3F-1M335jzHmW7B2LpF6W0dN1W2ZmbNb44jhzZW53FKcN8DGSWGW3bkXc982dF7_W8Nqy0c34ww00W5gSHY56H5W1XN6WglpqVR6H2W4q1Pz52wdL07W1WwplP2MzqtVW7HT3SS95-sWXW2LdjVl8kDtHXVTD2L390crsVW72rlYX7jmsvpW4dFYdG7bfYRJW2kGFfd1NwBMnF1MVsRjBWvhf5Wgr8H03″ target=”_blank”>Try Wordfence Central</a>; it’s free. <br>If you would like to stop receiving WordPress security alerts and product updates from Wordfence, please use the “unsubscribe” link at the bottom of this email. You subscribed to this list via the <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W6-Wtgg2pLQj2W6V_vff3hbpqY0/5/f18dQhb0SbTX8XYjZnW9fPMNG2qwv31N4cH9bGJFshGVf5btW57mvC2W1BQYgz9dtlPKW5Zh62K6YTq0RW9gRJ8g7NM5Q7W4NKj0n7tZTzlW7ZcsH46WJMgXW9bTNXY954KlMW4P0Yt62d4kjsW1fJ2Yc35_0L5W5LMjl48p1t20W5CxqBH68RlkzW3v7CBP3Wlz2MW5Sh0w01y7l3tW5F_2Jd3XsqW0W5pfw0m1Y1LcWW46yv6z6G2l8bW5V3nx_2BcyM9N1mGWmCXFRyQW63Bw8J4DBwgyW2nqn5Q3gFjFYVQBdt33V1KszW2-CMst4DCCKkW2yB4171qJphWW64KN7w5wLxRTN5WVNh3Pffw3W4XB8hx2Vc3F5N3yZrW5bC0r-W6nX4Kf1wYl-zW8dCK-t7gwD5KN6SSJNccb0fvW3f_5_K4p7yDTN2BPMnkMLT_tW8rBTLd5v6nf6W4Qb81D5L1tSqW19rcTf7fyCsdW7_ch-l4DzkSqW2_yGcp7S0jysW6hR4SS2_zJ0_N6Hk-0dNDyx-MrTzpY1yC3Lf7WSp9g03″ target=”_blank”>Wordfence security plugin for WordPress</a>.<br>If you aren’t already a member, you can subscribe to our <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*Vm6Td-75J28mW6G3Zdl7yXdLJ0/5/f18dQhb0Sq5y8XJbp2W7TblHq50RnyCW4cPTbB31XhwfW1FSlVV2P7_nXVbxYmW8pCQ6vW8pMTy33TtWNcW6bprKD6PZs7GW2JzbXL5CsfzYN1nY885YFj8WW3TVJrK7bj21BW5Lnwc44CB5ysW83_Pyq834DLzW8XWFBg2p1zRSW1h4FM-9d60QGW7pTGnR6hqCGTW5KxXB65KDCtZW12tQjH7nVWGLW5J10-t5FHM5wW1v3hGt3bPyFLW3BJL_22tk5vHW2zv-Qb806yj3W70ml3s3rc10sW5Rrh_X88KdxrW79PPgg60H89xW3H5xf55hHcjxVsSthf570qLzW5y3xC-8XJvL5W2FRVPn920f46W33mF6Q57HZSvW5xz69z2YK9F-W5-HP165pTyc9W1Lq1DS7VX3rpW22mXcd9kPs11W4f_s-t5DhyW9W18DsY-11rnNbV4Vjm26NyCyRN7KKWSJH59hHN14Sm1H8XMLgN4QDgwJWWfv3W3Xv6GD9c46YgW2B6bs_3lGykLW6zZSw12B9vRVW7_5JVf36sLG2n1NsfDKBSf81rpY902″ target=”_blank”>WordPress Security and Product Updates mailing list here</a>. You’re welcome to republish this email in part or in full, provided that you mention that the source is <a rel=”noreferrer noopener” href=”https://email.wordfence.com/e2t/c/*W1MHkvN7wjtfQW6XWVtX9069sT0/*W5Mb38w2l2v1RW9fJXw_8rgYR40/5/f18dQhb0Sjvl8YXNmFW7TblHq50RnyCW4cPTbB31XhwfW1FSlSX56qZCNVcnTGj992gLmW4vvm_w1wKnm7W7mWm9L96LsblW61SSZm7mG7sDW51vX4y6HShSCVxYwVC2TlMg5W2mS6Nk1Q4gzxW58RWG123-nGKW265VBJ22-FLhW5qHlRY20Y98hW1Yg1Qd2Y7Dl7W6pzHWB79p90_W2tk5vH2zv-PHW806yj370ml3sW3rc10s5Rrh_XW88Kdxr79PPggW60H89x3H5xf5N5hHcjxsSthfW570qLz5y3xC-W8XJvL52FRVPnW920f4633mF6QW57HZSv5xz69zW2YK9F-5-HP16W5pTyc91Lq1DSW7VX3rp22mXcdW9kPs114f_s-tW5DhyW9256ZzTVrX3l16VzRKMW1fDzPf5DQqVhW61STY28w-Y-GW9hVx-C19rcTfW7fyCsd7_ch-lW4DzkSq2_yGcpW7S0jys6hR4SSW2_zJ0_6Hk-0dMNDyx-rTzpYV1nM7j1V6w7v103″ target=”_blank”>www.wordfence.com</a>. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.<br><br>Defiant, Inc.   800 5th St STE 4100    Seattle  WA   98104   United States<br>

Liked it? Take a second to support A.Yobi B. on Patreon!