Wordfence Intelligence Weekly WordPress Vulnerability Report (March 16, 2026 to March 22, 2026)

Last week, there were 266 vulnerabilities disclosed in 220 WordPress Plugins and 30 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 95 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 9, 2026 to March 15, 2026)

Last week, there were 116 vulnerabilities disclosed in 78 WordPress Plugins and 19 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 66 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 2, 2026 to March 8, 2026)

Last week, there were 199 vulnerabilities disclosed in 84 WordPress Plugins and 107 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 23, 2026 to March 1, 2026)

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 16, 2026 to February 22, 2026)

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 27, 2025 to November 2, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024 , we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...

Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

XWiki extension license information is public, exposing instance id and license holder details

Impact The licensor application includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email o...

WordPress GigPress 2.3.8 SQL Injection Vulnerability

WordPress GigPress plugin version 2.3.8 suffers from a remote SQL injection vulnerability. Title: SQLi vulnerabilities in WordPress plugin "GigPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/gigpress/ Active installs: 20,000+...