Lucene search
K

20 matches found

Wordfence Blog
Wordfence Blog
added 2026/06/18 4:42 p.m.8 views

Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin

On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin with an estimated 1,000,000 active installations. This vulnerability makes it possible for unauthenticated attackers to delete arbitrary...

9.1CVSS6.6AI score0.01193EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/05/29 4:23 p.m.31 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/03/10 4:34 p.m.12 views

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber...

7.5CVSS7AI score0.02289EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24548

Name of the Vulnerable Software and Affected Versions The Ally – Web Accessibility & Usability plugin for WordPress versions prior to 4.1.0 Description The Ally – Web Accessibility & Usability plugin for WordPress is susceptible to SQL Injection through the URL path. This occurs because of...

7.5CVSS5.8AI score0.02289EPSS
Exploits1References33
Wordfence Blog
Wordfence Blog
added 2025/12/02 7:47 p.m.14 views

100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to dudekmar who...

9.8CVSS9AI score0.73557EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2025/10/17 1:24 p.m.7 views

Wordfence Bug Bounty Program Monthly Report – September 2025

Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...

8.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/10/14 3:56 p.m.7 views

4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution WordPress Plugin

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

6.5CVSS6.7AI score0.00496EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/25 4:31 p.m.9 views

15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

8.8CVSS8.3AI score0.00414EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/22 4:3 p.m.9 views

Wordfence Bug Bounty Program Monthly Report – July 2025

Last month in July 2025, the Wordfence Bug Bounty Program received 325 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence...

9.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/04 7:11 p.m.10 views

WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program

From now through September 22, 2025 , we’re running our SQLsplorer Challenge , focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation...

8.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/07/09 4:5 p.m.7 views

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in SureForms WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

8.1CVSS7.3AI score0.00984EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/07/01 4:33 p.m.6 views

600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Forminator WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

8.8CVSS7.2AI score0.10538EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/05/19 5:32 p.m.19 views

22,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Motors WordPress Theme

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 2nd, 2025, we received a submission for a Privilege Escalation...

9.8CVSS7.7AI score0.18241EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2025/05/14 7:29 p.m.16 views

10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 29th, 2025, we received a submission for a Remote Code Executio...

8.8CVSS8.8AI score0.00881EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/05/12 6:24 p.m.28 views

82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 4th, 2025, we received a submission for an Arbitrary File Upload...

8.8CVSS7.9AI score0.01055EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/03/03 6:13 p.m.47 views

Enhancing the Wordfence Bug Bounty Program: New Incentives & a Stronger Focus on High-Impact Research

Last year was a year of growth and refinement for the Wordfence Threat Intelligence team. In December of 2023, we launched our Bug Bounty Program, rewarding security researchers for identifying and reporting in-scope vulnerabilities to further our mission of Securing the Web while contributing to...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/12/12 3:38 p.m.54 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 2, 2024 to December 8, 2024)

Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

10CVSS9.9AI score0.15043EPSS
Exploits23
Wordfence Blog
Wordfence Blog
added 2024/11/13 4:45 p.m.29 views

Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024 , we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/10/30 4:54 p.m.17 views

10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

9.8CVSS8.7AI score0.1313EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/08/19 3:19 p.m.113 views

$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

10CVSS8.6AI score0.74283EPSS
Exploits11
Rows per page
Query Builder