521 matches found
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023)
Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to Apr 16, 2023)
Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169 WordPres...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154 WordPres...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)
Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to Mar 26, 2023)
Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 5, 2025 to May 11, 2025)
In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 224 vulnerabilities disclosed in 207 WordPress...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 9, 2024 to December 15, 2024)
Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209 WordPres...
Vulnerability Patched in Sassy Social Share Plugin
Update: This article has been updated for accuracy: while we initially did create a rule to block this vulnerability we later found that the vulnerability was already blocked by an existing rule. Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe ...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126 WordPres...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024)
Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88 WordPress...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 85 vulnerabilities disclosed in 74 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting XSS via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146 WordPres...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6, 2023 to November 12, 2023)
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Please note there was a minor error in the heading of the email, and this report only runs from November 6th to November 12th. Last week, ther...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)
Last week, there were 45 vulnerabilities disclosed in 30 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 17 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...
Russian Hacktivist Group Targets Political Websites with DDOS Attacks
A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at with DDOS Distributed Denial of Service attacks this morning, November 8th, 2022, which is Election Day in the United States. A post in their Telegram channe...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 1, 2023 to May 7, 2023)
Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 16, 2024 to January 5, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 12, 2024 to August 18, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing the changelog containing a partial patch. We...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearchers...
2023’s Critical WordPress Vulnerabilities and How They Work
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! In 2023, the Wordfence Threat Intelligence teams primary focus...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...
All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched
On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine optimization tools designed to help content creators optimize their sites and reach more users. Both reported...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)
Last week, there were 160 vulnerabilities disclosed in 143 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 97 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects version 5.9.0 and 5.9.1 and allow...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 31, 2025 to April 6, 2025)
In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 551 vulnerabilities disclosed in 485 WordPress...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 27, 2025 to February 2, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
How To Find XSS (Cross-Site Scripting) Vulnerabilities in WordPress Plugins and Themes
Yesterday, we announced the WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program. The objective of this promotion is to help beginners get started in WordPress bug bounty hunting by opening up the scope of our Bug Bounty Program. Cross-Site Scripting vulnerabilities reported in...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)
Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to Mar 12, 2023)
Last week, there were 60 vulnerabilities disclosed in 40 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 16 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 28, 2025 to May 4, 2025)
In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 84 vulnerabilities disclosed in 68 WordPress Plugin...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...