
11 matches found

Wordfence Blog
added 2026/06/03 4:59 p.m., 10 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

CVSS 9.8, AI score 6.7, EPSS 0.40992
Exploits: 1

Positive Technologies
added 2026/03/20 12:0 a.m., 5 views

PT-2026-26574

Name of the Vulnerable Software and Affected Versions Content Visibility for Divi Builder version 4.01 Description A contributor-controlled expression reaches the eval function through real feature paths. More than 2,000 active installations are reported. Recommendations At the moment, there is n...

CVSS 8.8, AI score 5.8, EPSS 0.00682
Exploits: 0, References: 7

The Hacker News
added 2025/05/29 5:34 a.m., 32 views

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to all...

CVSS 10, AI score 8, EPSS 0.04913
Exploits: 2

Wordfence Blog
added 2024/10/08 4:58 p.m., 13 views

Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

Calling all vulnerability researchers! Get ready to immerse yourselves in the world of WordPress security with the Wordfence Cybersecurity Month Spooktacular Haunt, running from now through November 11th, 2024! What's Happening During This Cybersecurity Month Spooktacular Haunt? In celebration o...

AI score 7.3
Exploits: 0

Wordfence Blog
added 2024/08/15 1:3 p.m., 14 views

Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge!

Today, we’re incredibly excited to launch a new challenge for the Wordfence Bug Bounty Program: the WordPress Superhero Challenge! Through October 14th, we’re introducing a new active installation count range for our bounties for plugins and themes with 5,000,000+ active installations and we are...

AI score 8.8
Exploits: 0

The Hacker News
added 2022/09/09 8:19 a.m., 125 views

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it...

AI score 0.5, EPSS 0.63761
Exploits: 2

The Hacker News
added 2020/02/17 9:15 p.m., 5 views

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2018/08/26 12:0 a.m., 34 views

CVE-2018-15877

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request. Recent assessments: cdelafuente-r7 at November 27, 2019 2:59pm UT...

CVSS 9, AI score 3.4, EPSS 0.7699
Exploits: 11, References: 6

0day.today
added 2018/04/11 12:0 a.m., 45 views

WordPress File Upload Plugin 4.3.3 - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.3 Tested on: Windo...

AI score 6.6, EPSS 0.03844
Exploits: 6

Packet Storm
added 2015/12/07 12:0 a.m., 24 views

WordPress Poll Widget 1.0.7 SQL Injection

Exploit Title : wordpress poll widget version 1.0.7 SQL Injection vulnerability Author : WICS Date : 7/12/2015 Software Link : https://wordpress.org/plugins/polls-widget/ Affected Version: 1.0.7 and below Overview: Poll widget is wordpress plugin which provide fancy user Polling layout to website...

AI score 0.3
Exploits: 0

securityvulns
added 2002/02/27 12:0 a.m., 90 views

Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation

Internet Security Systems Security Alert February 27, 2002 Multiple PHP Vulnerabilities: Remote Compromise Exploit in Circulation Synopsis: ISS X-Force has learned of multiple buffer overflow vulnerabilities present in the PHP Hypertext Preprocessor scripting language. PHP is a popular server-sid...

AI score 7.4
Exploits: 0