522 matches found
Dissecting a Clever Malware Sample for Optimized Detection and Protection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...
AWS Attacks Targeting WordPress Increase 5X
The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled. We’ve seen a global increase in attacks against WordPress sites during the...
PSA: Widespread Remote Working Scam Underway
Ive just gotten off the phone with a victim of the scam that Im about to describe. This is impacting a lot of folks, so please do spread the word. Its infuriating. Ill be around to reply to your comments below, but please do not engage in victim-blaming, because until youve actually been hit by o...
Critical SQL Injection Vulnerability Patched in WooCommerce
Update: The article originally credited Tommy DeVoss dawgyg for the discovery. Weve since been contacted by Tommy, who let us know that the credit should go to another researcher, Josh from DOS Development Operations Security On July 14, 2021, WooCommerce released an emergency patch for a SQL...
Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices
WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins availab...
Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...
Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin
On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...
1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin
On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...
400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin
On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025)
Last week, there were 246 vulnerabilities disclosed in 226 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 81 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin
On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to execute code remotely. The vendor...
Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin
On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by...
Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...
40,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in UiCore Elements WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
Attackers Actively Exploiting Critical Vulnerability in Motors Theme
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
Sophisticated & Stealthy Formjacking Malware Targets E-Commerce Checkout Pages
📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently uncovered a sophisticate...
Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program
We are excited to share some updates on our Bug Bounty Program today! It has been over six months since the launch of our program, during which weve awarded approximately $242,000 in bounties. Since then, our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scop...
Threat Actors Using Obfuscation in Attempt to Evade Detection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...
The Wordfence 2022 State of WordPress Security Report
Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations...
How Much is Your Hacked Site Worth?
The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business through Telegram channels,...
Spikes in Attacks Serve as a Reminder to Update Plugins
The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing out over the Thanksgiving holiday in the U.S. and the first weekend in December. Attack attempts...
Not Just for the Government: Using the NIST Framework to Secure WordPress
When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something goes wrong. Installing a cybersecurity plugin like Wordfence...
Wordfence Intelligence Launches New Malware Hash Feed!
Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications. As the world’s foremost WordPress security provider, Wordfence has an expertly...
WordPress Malware Camouflaged As Code
In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware. In the example we discuss below, the attacker’s goal is to make everything look routine to an analyst so that they do not dig deeper and discover the presence of malware and what it is doing. ...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
Last week, there were 139 vulnerabilities disclosed in 118 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin
On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site...
Rogue WordPress Plugin Conceals Multi-Tiered Credit Card Skimmers in Fake PNG Files
The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious...
Pushing Boundaries With Claude Code
Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called "The Autonomy Slider" from around a three to a solid eight. What this means is that you can give Claude Code direction, it will come up with a plan to...
33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme
🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our'High Threat' list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 4th, 2025, we received a...
Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program
Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...
WordPress XSSplorer Challenge: An Expanded Scope for All Researchers in the Wordfence Bug Bounty Program
From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting XSS vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers. This temporary scope expansion...
Post Action Report: Bad Firewall Rule Released to WPEngine Customers Wednesday
On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall rule that we released. If you have experienced this issue, please check your email which contains...
Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin
On March 30th, 2026, we publicly disclosed a Sensitive Information Exposure vulnerability in Gravity SMTP, a WordPress plugin with an estimated 100,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to retrieve detailed system configuration data and,...
Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and...
Wordfence Bug Bounty Program Monthly Report – February 2026
Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...
10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin
On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset and assign the administrator role to the...
Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...
WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program
From now through September 22, 2025 , we’re running our SQLsplorer Challenge , focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation...
A Deep Dive into a Modular Malware Family
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin
🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 21st, 2025, our Wordfence Thre...
1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an active attack targeting over a million...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026)
Last week, there were 250 vulnerabilities disclosed in 181 WordPress Plugins and 41 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 101 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabiliti...
How a Webmail Log File Became a Root-Level Backdoor
THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
Last week, there were 78 vulnerabilities disclosed in 62 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)
Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
Malware Using Variable Functions and Cookies For Obfuscation
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...
The Price of ‘Free’: How Nulled Plugins Are Used to Weaken Your Defense
The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with "nulled plugins", or premium plugins that have been tampered with by third parties. This campaign is particularly concerning because it doesn't just infect websites: it...
15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
Wordfence Bug Bounty Program Monthly Report – July 2025
Last month in July 2025, the Wordfence Bug Bounty Program received 325 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence...