13 matches found
Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...
Wordfence Bug Bounty Program Monthly Report – February 2026
Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...
Wordfence Bug Bounty Program Monthly Report – October 2025
Last month in October 2025, the Wordfence Bug Bounty Program received 486 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...
Wordfence Bug Bounty Program Monthly Report – September 2025
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...
Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation
On May 2nd, 2025 the Wordfence Threat Intelligence team added a new critical vulnerability to the Wordfence Intelligence vulnerability database in the OttoKit: All-in-One Automation Platform Formerly SureTriggers plugin publicly disclosed by a third-party CNA on April 30th, 2025. This vulnerabili...
WordPress Core Cross Site Scripting / SQL Injection
Description: SQL Injection via Links LIMIT clause Affected Versions: WordPress Core 6.0.2 Researcher: FVD CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Fully Patched Version: 6.0.2 The WordPress Link functionality, previously known as “Bookmarks”, i...
WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. These patches have been backport...
WordPress Wordfence Firewall 5.1.2 Cross Site Scripting
WordPress Wordfence Firewall plugin version 5.1.2 suffers from a cross site scripting vulnerability. Product: Wordfence Firewall Plugin For Wordpress Vendor: Wordfence Vulnerable Versions: 5.1.2 Tested Version: 5.1.2 Advisory Publication: June 30,...
WordPress Wordfence Firewall 5.1.2 Cross Site Scripting Vulnerability
WordPress Wordfence Firewall plugin version 5.1.2 suffers from a cross site scripting vulnerability. Product: Wordfence Firewall Plugin For Wordpress Vendor: Wordfence Vulnerable Versions: 5.1.2 Tested Version: 5.1.2 Advisory Publication: June 30, 2014 without technical details Vendor Notificatio...