73 matches found

Wordfence Blog
added 2026/02/19 6:42 p.m., 13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 9, 2026 to February 15, 2026)

Triple Threat Bug Bounty Challenge: Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

9.9 CVSS, 7.6 AI score, 0.29997 EPSS
Exploits: 22

Wordfence Blog
added 2025/11/20 4:10 p.m., 16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of...

10 CVSS, 10 AI score, 0.0187 EPSS
Exploits: 5

Wordfence Blog
added 2025/11/13 3:35 p.m., 16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of...

9.8 CVSS, 9.6 AI score, 0.85391 EPSS
Exploits: 9

Wordfence Blog
added 2025/10/30 4:1 p.m., 26 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 20, 2025 to October 26, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

10 CVSS, 10 AI score, 0.04725 EPSS
Exploits: 11

Wordfence Blog
added 2025/10/09 2:29 p.m., 12 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8 CVSS, 8.5 AI score, 0.09621 EPSS
Exploits: 9

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-26942

Malicious code in bioql PyPI...

5.3 CVSS, 6.5 AI score, 0.00091 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 1 view

CVE-2025-58835

Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6...

5.3 CVSS, 5.9 AI score, 0.00091 EPSS
Exploits: 0, References: 1

NVD
added 2025/09/05 2:15 p.m., 2 views

CVE-2025-58835

Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6...

5.3 CVSS, 0.00091 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 7 views

CVE-2025-58835

CVE-2025-58835 concerns Bonus for Woo (WordPress) with improper validation of a specified quantity in input, enabling access to functionality not properly constrained by ACLs. Affected versions are n/a through 7.4.1. Public sources indicate remediation via upgrading to a newer version (per PT-202...

5.3 CVSS, 5.9 AI score, 0.00091 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:45 p.m., 7 views

CVE-2025-58835 WordPress Bonus for Woo plugin <= 7.6.6 - Other vulnerability Type vulnerability

Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6...

5.3 CVSS, 0.00091 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 1 view

CVE-2025-58835 WordPress Bonus for Woo plugin <= 7.6.6 - Other vulnerability Type vulnerability

Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6...

5.3 CVSS, 5.9 AI score, 0.00091 EPSS
Exploits: 0, References: 1

Patchstack
added 2025/09/05 1:32 p.m., 1 view

WordPress Bonus for Woo plugin <= 7.6.6 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Bonus for Woo versions <= 7.6.6...

5.3 CVSS, 5.4 AI score, 0.00091 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/09/05 12:0 a.m., 1 view

PT-2025-36174

Name of the Vulnerable Software and Affected Versions: Bonus for Woo versions n/a through 7.4.1 Description: An improper validation of the specified quantity in input exists in Bonus for Woo, potentially allowing access to functionality not properly constrained by Access Control Lists ACLs...

5.3 CVSS, 6.4 AI score, 0.00091 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/09/05 12:0 a.m., 2 views

WordPress plugin Bonus for Woo security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS, 6.5 AI score, 0.00091 EPSS
Exploits: 0, References: 1

OSV
added 2025/08/25 6:32 p.m., 1 view

MAL-2025-41841 Malicious code in @espace-client-axafr/bonus-euro-plus (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/25 6:32 p.m., 2 views

Malicious code in @espace-client-axafr/bonus-euro-plus (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0

Wordfence Blog
added 2025/08/04 7:11 p.m., 5 views

WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program

From now through September 22, 2025, we’re running our SQLsplorer Challenge, focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation...

8.7 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 4:30 a.m., 6 views

CVE-2023-5140

The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS, 6.1 AI score, 0.00117 EPSS
Exploits: 2, References: 1

OSV
added 2025/04/11 1:15 a.m., 2 views

CVE-2025-32809

W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...

5.4 CVSS, 5.8 AI score, 0.00172 EPSS
Exploits: 1, References: 1

CVE
added 2025/04/11 12:0 a.m., 56 views

CVE-2025-32809

InQuizitive (W. W. Norton) is affected by CVE-2025-32809 through 2025-04-08, which allows stored cross-site scripting via user-supplied data in bonus description, feedback.choice_fb[], or question_id. The issue is described across multiple sources as a stored XSS vulnerability; exploitation appea...

6.4 CVSS, 5.9 AI score, 0.00172 EPSS
Exploits: 1, References: 1, Affected Software: 1