Lucene search
K
WordfenceMost viewed

522 matches found

Wordfence Blog
Wordfence Blog
added 2023/07/11 5:42 p.m.13 views

Dissecting a Clever Malware Sample for Optimized Detection and Protection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/11/24 8:41 p.m.13 views

AWS Attacks Targeting WordPress Increase 5X

The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled. We’ve seen a global increase in attacks against WordPress sites during the...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/10/28 2:3 p.m.13 views

PSA: Widespread Remote Working Scam Underway

Ive just gotten off the phone with a victim of the scam that Im about to describe. This is impacting a lot of folks, so please do spread the word. Its infuriating. Ill be around to reply to your comments below, but please do not engage in victim-blaming, because until youve actually been hit by o...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/07/15 3:46 p.m.13 views

Critical SQL Injection Vulnerability Patched in WooCommerce

Update: The article originally credited Tommy DeVoss dawgyg for the discovery. Weve since been contacted by Tommy, who let us know that the credit should go to another researcher, Josh from DOS Development Operations Security On July 14, 2021, WooCommerce released an emergency patch for a SQL...

8.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/07/13 8:42 p.m.13 views

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins availab...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/03 4:59 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

9.8CVSS6.7AI score0.40992EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/06/02 4:36 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2026/05/12 9:19 p.m.12 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00511EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/03/10 4:34 p.m.12 views

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber...

7.5CVSS7AI score0.02289EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/12/19 5:57 p.m.12 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025)

Last week, there were 246 vulnerabilities disclosed in 226 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 81 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS6.2AI score0.02056EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2025/12/03 5:10 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin

On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to execute code remotely. The vendor...

9.8CVSS9AI score0.43399EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2025/12/02 5:31 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin

On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by...

9.8CVSS7AI score0.09142EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2025/10/23 7:38 p.m.12 views

Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

9.8CVSS9.5AI score0.54754EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2025/08/11 4:26 p.m.12 views

40,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in UiCore Elements WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

7.5CVSS8AI score0.00474EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/07/29 2:24 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Alone Theme

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS7.7AI score0.47529EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2025/06/19 4:56 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Motors Theme

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS7.7AI score0.18241EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2025/05/21 4:31 p.m.12 views

Sophisticated & Stealthy Formjacking Malware Targets E-Commerce Checkout Pages

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently uncovered a sophisticate...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/05/14 2:54 p.m.12 views

Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program

We are excited to share some updates on our Bug Bounty Program today! It has been over six months since the launch of our program, during which weve awarded approximately $242,000 in bounties. Since then, our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scop...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/08/15 12:53 p.m.12 views

Threat Actors Using Obfuscation in Attempt to Evade Detection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

7.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/01/24 4:6 p.m.12 views

The Wordfence 2022 State of WordPress Security Report

Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations...

0.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/12/20 4:25 p.m.12 views

How Much is Your Hacked Site Worth?

The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business through Telegram channels,...

1.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/12/12 5:28 p.m.12 views

Spikes in Attacks Serve as a Reminder to Update Plugins

The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing out over the Thanksgiving holiday in the U.S. and the first weekend in December. Attack attempts...

Exploits0
Wordfence Blog
Wordfence Blog
added 2022/11/15 5:0 p.m.12 views

Not Just for the Government: Using the NIST Framework to Secure WordPress

When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something goes wrong. Installing a cybersecurity plugin like Wordfence...

7.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/10/25 4:6 p.m.12 views

Wordfence Intelligence Launches New Malware Hash Feed!

Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications. As the world’s foremost WordPress security provider, Wordfence has an expertly...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/08/13 9:50 p.m.12 views

WordPress Malware Camouflaged As Code

In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware. In the example we discuss below, the attacker’s goal is to make everything look routine to an analyst so that they do not dig deeper and discover the presence of malware and what it is doing. ...

7.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/04/23 3:44 p.m.11 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)

Last week, there were 139 vulnerabilities disclosed in 118 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/03/09 5:13 p.m.11 views

30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin

On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...

9.8CVSS7AI score0.00655EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/10/29 3:46 p.m.11 views

Rogue WordPress Plugin Conceals Multi-Tiered Credit Card Skimmers in Fake PNG Files

The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/07 4:24 p.m.11 views

Pushing Boundaries With Claude Code

Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called "The Autonomy Slider" from around a three to a solid eight. What this means is that you can give Claude Code direction, it will come up with a plan to...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/06/09 3:47 p.m.11 views

33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme

🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our'High Threat' list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 4th, 2025, we received a...

8.8CVSS7.1AI score0.04474EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/01/21 8:34 p.m.11 views

Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program

Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...

6.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/09/04 4:8 p.m.11 views

WordPress XSSplorer Challenge: An Expanded Scope for All Researchers in the Wordfence Bug Bounty Program

From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting XSS vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers. This temporary scope expansion...

5.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/04/14 10:17 p.m.11 views

Post Action Report: Bad Firewall Rule Released to WPEngine Customers Wednesday

On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall rule that we released. If you have experienced this issue, please check your email which contains...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/17 5:28 p.m.10 views

Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin

On March 30th, 2026, we publicly disclosed a Sensitive Information Exposure vulnerability in Gravity SMTP, a WordPress plugin with an estimated 100,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to retrieve detailed system configuration data and,...

7.5CVSS5.6AI score0.39704EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2026/05/05 6:4 p.m.10 views

Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and...

9.8CVSS6.8AI score0.36512EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2026/03/31 6:24 p.m.10 views

Wordfence Bug Bounty Program Monthly Report – February 2026

Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/01/07 5:25 p.m.10 views

10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin

On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset and assign the administrator role to the...

8.8CVSS6AI score0.00302EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/11/19 5:13 p.m.10 views

Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

9.8CVSS6.3AI score0.51507EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/08/04 7:11 p.m.10 views

WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program

From now through September 22, 2025 , we’re running our SQLsplorer Challenge , focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation...

8.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/06/23 3:55 p.m.10 views

A Deep Dive into a Modular Malware Family

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

6.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/06/18 9:1 p.m.10 views

100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin

🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 21st, 2025, our Wordfence Thre...

8.8CVSS7.7AI score0.00617EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/12/09 8:39 p.m.10 views

1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an active attack targeting over a million...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 4 days ago9 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026)

Last week, there were 250 vulnerabilities disclosed in 181 WordPress Plugins and 41 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 101 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabiliti...

6.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/05/20 10:4 p.m.9 views

How a Webmail Log File Became a Root-Level Backdoor

THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...

6.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/05/14 6:20 p.m.9 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)

Last week, there were 78 vulnerabilities disclosed in 62 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/04/16 4:45 p.m.9 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/10/20 4:41 p.m.9 views

Malware Using Variable Functions and Cookies For Obfuscation

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/09/09 3:38 p.m.9 views

The Price of ‘Free’: How Nulled Plugins Are Used to Weaken Your Defense

The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with "nulled plugins", or premium plugins that have been tampered with by third parties. This campaign is particularly concerning because it doesn't just infect websites: it...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/25 4:31 p.m.9 views

15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

8.8CVSS8.3AI score0.00414EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/22 4:3 p.m.9 views

Wordfence Bug Bounty Program Monthly Report – July 2025

Last month in July 2025, the Wordfence Bug Bounty Program received 325 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence...

9.4AI score
Exploits0
Total number of security vulnerabilities522