Wordfence Intelligence Weekly WordPress Vulnerability Report (May 18, 2026 to May 24, 2026)

Last week, there were 101 vulnerabilities disclosed in 88 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 full report here by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across...

rt-toolkit

Red Team Toolkit Curated operator catalog for red team enga...

CVE-2026-43000

creationtimestamp| type| source ---|---|--- 2026-05-15 04:15:00+00:00| seen| https://www.cert.se/2026/05/cert-se-veckobrev-v20.html 2026-05-28 21:13:02+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mmwwsrnh6g2z...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)

Last week, there were 87 vulnerabilities disclosed in 198 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026)

Last week, there were 158 vulnerabilities disclosed in 123 WordPress Plugins and 27 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

Integrating Log-Based Security Analytics in Agile Workflows: A Real-World Experience Report

Modern organizations increasingly rely on log data and monitoring signals to protect products against account takeovers and abuse, yet integrating security analytics into fast-moving Agile workflows remains challenging. While it is important to understand how security practices are developed and...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)

Last week, there were 139 vulnerabilities disclosed in 118 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

PT-2026-35169

Name of the Vulnerable Software and Affected Versions bubblewrap versions 0.11.0 through 0.11.1 Description Privilege escalation is possible if the software is installed as setuid root, occurring via ptrace a system call used for process tracing and debugging. Recommendations Update to version...

Modeling Sparse and Bursty Vulnerability Sightings: Forecasting under Data Constraints

Understanding and anticipating vulnerability-related activity is a major challenge in cyber threat intelligence. This work investigates whether vulnerability sightings, such as proof-of-concept releases, detection templates, or online discussions, can be forecast over time. Building on our earlie...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 26, 2026 to February 1, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 19, 2026 to January 25, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?...

CVE-2025-12186

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12186

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

EUVD-2025-201361

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-12186

CVE-2025-12186 (Weekly Planner WordPress plugin) is a stored XSS vulnerability affecting Weekly Planner versions up to 1.0. The flaw arises from insufficient input sanitization and output escaping in admin/settings, enabling authenticated attackers with administrator-level privileges (including m...