Lucene search
K

689 matches found

Wordfence Blog
Wordfence Blog
added 4 days ago8 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026)

Last week, there were 246 vulnerabilities disclosed in 179 WordPress Plugins and 40 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 100 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabiliti...

6.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/25 7:2 p.m.29 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)

Last week, there were 146 vulnerabilities disclosed in 127 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

6.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/18 5:31 p.m.17 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 8, 2026 to June 14, 2026)

Last week, there were 102 vulnerabilities disclosed in 90 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 68 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

6.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/18 4:42 p.m.8 views

Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin

On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin with an estimated 1,000,000 active installations. This vulnerability makes it possible for unauthenticated attackers to delete arbitrary...

9.1CVSS6.6AI score0.01193EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/06/11 5:13 p.m.73 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)

Last week, there were 160 vulnerabilities disclosed in 143 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 97 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48751

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...

6.3CVSS5.1AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References3
Wordfence Blog
Wordfence Blog
added 2026/06/04 9:5 p.m.49 views

Quarterly WordPress Threat Intelligence Report – Q1 2026

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

5.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/03 4:59 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

9.8CVSS6.7AI score0.40992EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/05/29 4:23 p.m.31 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/05/12 9:19 p.m.12 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00511EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/04/16 5:50 p.m.18 views

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...

9.8CVSS8AI score0.54254EPSS
Exploits7
Wordfence Blog
Wordfence Blog
added 2026/04/16 4:45 p.m.9 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score
Exploits0
Patchstack
Patchstack
added 2026/04/13 10:57 a.m.7 views

WordPress Optimole plugin <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL vulnerability

Reflected Cross-Site Scripting via Page Profiler URL vulnerability discovered by WordFence in WordPress Plugin Optimole versions = 4.2.3...

6.1CVSS5.8AI score0.00495EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/10 9:26 a.m.5 views

WordPress Quick Playground plugin <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability

Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin Quick Playground versions = 1.3.1...

9.8CVSS5.8AI score0.03092EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/04/09 11:48 p.m.6 views

WordPress Ultimate FAQ Accordion Plugin plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability

Authenticated Author+ Stored Cross-Site Scripting via FAQ Content vulnerability discovered by WordFence in WordPress Plugin Ultimate FAQ versions = 2.4.7...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/07 3:28 a.m.10 views

WordPress WPFunnels plugin <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpfoptinform' Shortcode vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin WPFunnels versions = 3.7.9...

6.4CVSS5.9AI score0.00199EPSS
Exploits0References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2026/03/31 6:24 p.m.10 views

Wordfence Bug Bounty Program Monthly Report – February 2026

Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/03/12 7:0 p.m.13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 2, 2026 to March 8, 2026)

Last week, there were 199 vulnerabilities disclosed in 84 WordPress Plugins and 107 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

9.9CVSS7.5AI score0.25532EPSS
Exploits7
Wordfence Blog
Wordfence Blog
added 2026/03/10 4:34 p.m.12 views

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber...

7.5CVSS7AI score0.02289EPSS
Exploits1
Rows per page
Query Builder