Lucene search
K
WordfenceMost viewed

522 matches found

Wordfence Blog
Wordfence Blog
added 2024/11/05 5:6 p.m.23 views

Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress

Today the Wordfence team is proud to announce an exciting new feature: The Wordfence Audit Log, included in the Wordfence 8.0 release. The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/08/16 2:45 p.m.23 views

10,000 WordPress Sites Affected by Arbitrary File Read and Delete Vulnerability in InPost PL and InPost for WooCommerce WordPress Plugins

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

10CVSS7.8AI score0.00983EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/07/01 4:11 p.m.23 views

WordPress Security Research Series: WordPress Request Architecture and Hooks

Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, its critical to understand the...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/04/23 3:0 p.m.23 views

$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a...

6.5CVSS6.8AI score0.00911EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/02/29 2:2 p.m.23 views

Spring into Action! Earn up to $10,000 with our Extended Bug Bounty Program Extravaganza through Memorial Day!

Spring into action and kick-start your spring cleaning with a tech twist! Were excited to announce the extension of our Bug Bounty Extravaganza through Memorial Day, May 27th, 2024. Now, you have a golden opportunity to earn up to $10,000 for reporting vulnerabilities in WordPress software over t...

7.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/02/21 5:48 p.m.23 views

Authorization vs. Intent: Why You Should Always Verify Both

The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues. More specifically, we have been seeing an increase in Missing Authorization vulnerabilities that are fixed using tools...

0.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/11/22 7:28 p.m.23 views

GoDaddy Breached – Plaintext Passwords – 1.2M Affected

There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites,...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/02/20 7:0 p.m.22 views

Wordfence Bug Bounty Program Monthly Report – January 2026

Last month in January 2026, the Wordfence Bug Bounty Program received 897 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...

6.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/11/21 4:13 p.m.22 views

Wordfence Bug Bounty Program Monthly Report – October 2025

Last month in October 2025, the Wordfence Bug Bounty Program received 486 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...

7.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/08/28 3:46 p.m.22 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 18, 2025 to August 24, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

10CVSS8.9AI score0.16399EPSS
Exploits11
Wordfence Blog
Wordfence Blog
added 2025/06/19 2:32 p.m.22 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 9, 2025 to June 15, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

10CVSS9.9AI score0.04474EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2025/05/05 2:32 p.m.22 views

WordPress Security Research Series: Setting Up Your Research Lab

Welcome to Part 3 of the WordPress Security Research Beginner Series! If you haven’t yet, take a minute to check out the series introduction to get a sense of what this series is all about. You’ll also want to catch up on Part 1, where we dig into WordPress request architecture and hooks, and Par...

9.8CVSS7.3AI score0.92319EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2025/04/09 4:38 p.m.22 views

100,000 WordPress Sites Affected by Administrative User Creation Vulnerability in SureTriggers WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

8.1CVSS8.2AI score0.76126EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2023/10/24 12:20 a.m.22 views

Wordfence Reviews and Where to Find Them

Just a quick note. If youre looking for objective Wordfence reviews, you can find them on the official WordPress plugin repository in the Wordfence reviews section which is linked to from the Wordfence entry in the official WordPress repository. The Wordfence plugin is available in the repository...

6.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/07/28 1:2 p.m.22 views

PSA: Wordfence Brand Being Actively Used in Phishing Campaigns

Earlier this week we became aware that malicious actors are using Wordfence brand image to run a phishing scam on WordPress and Wordfence users, posing as unknown login notifications from their own website while linking to a fake login page, clearly aiming to steal WordPress login credentials. If...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/02/28 5:6 p.m.22 views

The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common

The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report were the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress core, a total of 2,370...

9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/01/23 7:50 p.m.22 views

PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money

On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email claimed that the site had been hacked due to a...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/08/09 4:4 p.m.22 views

Ukrainian Website Threat Landscape Throughout 2022

The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign on Ukrainian university websites. In response, we deployed our...

0.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/02/19 6:42 p.m.21 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 9, 2026 to February 15, 2026)

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our ' High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

9.9CVSS7.6AI score0.32714EPSS
Exploits22
Wordfence Blog
Wordfence Blog
added 2026/02/03 5:21 p.m.21 views

Quarterly WordPress Threat Intelligence Report – Q4 2025

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

5.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/01/29 5:5 p.m.21 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 19, 2026 to January 25, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.9CVSS6.5AI score0.01078EPSS
Exploits14
Wordfence Blog
Wordfence Blog
added 2025/11/26 3:2 p.m.21 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)

Last week, there were 167 vulnerabilities disclosed in 152 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS8.4AI score0.02203EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/08/21 2:13 p.m.21 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 11, 2025 to August 17, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards forall in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.9CVSS8.8AI score0.37349EPSS
Exploits12
Wordfence Blog
Wordfence Blog
added 2025/04/21 3:59 p.m.21 views

50,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Greenshift WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 14th, 2025, we received a submission for an Arbitrary File Uplo...

8.8CVSS7.8AI score0.02027EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/04/03 5:22 p.m.21 views

50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

8.8CVSS9.3AI score0.02474EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/06/12 3:17 p.m.21 views

Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 5 million WordPress websites. Thats why we’ve decided to run another exciting and new promotion for our Bug Bounty Program. With this promotion, our goal is to get more of the highest...

7.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/03/19 3:2 p.m.21 views

SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza, ...

6.5CVSS8.1AI score0.03135EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/02/20 3:4 p.m.21 views

SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 1st, 2024, during our second Bug Bounty...

6.5CVSS7.8AI score0.00714EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/11/10 8:56 p.m.21 views

Fostering Innovation in Web Security

Ive always created growth by focusing on free. It started back in 2003 when I launched WorkZoo in London. WorkZoo was a job search engine that ended up being one of Time Magazines top 50 websites of 2005. These days we take free search capability for granted, but 20 years ago, before Nginx came...

7.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/09/06 12:59 p.m.21 views

Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin

On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites. The vulnerability enables threat...

4.9CVSS6.3AI score0.00437EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2023/03/07 7:9 p.m.21 views

Wordfence Intelligence: Because Community Created Vulnerabilities Are Community Property

Last August, at Black Hat 2022 in Las Vegas, we launched Wordfence Intelligence, a product designed to provide large enterprise customers with rich IP threat data, malware signatures, malware hashes, and vulnerability data to help keep enterprise customers and networks secure. Our mission at...

0.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/10/26 4:0 p.m.21 views

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control C2 script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automati...

7.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/09/07 2:56 p.m.21 views

PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin

Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users...

7.6AI score0.63761EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/03/30 1:11 p.m.21 views

Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

Update - after this article was published, Denis Shagimuratov of CleanTalk reached out to us on Twitter. It appears that they didnt receive our disclosure because our contact at the company was no longer the correct recipient for this type of issue. On February 15, 2022, the Wordfence Threat...

4.3CVSS0.3AI score0.02886EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2021/10/13 2:0 p.m.21 views

Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team initiated the Responsible Disclosure process for Brizy - Page Builder, a WordPress plugin install...

6.5CVSS7.5AI score0.01682EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/05/07 7:15 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)

Last week, there were 87 vulnerabilities disclosed in 198 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/02/12 4:9 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 2, 2026 to February 8, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.9CVSS6AI score0.0094EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2025/12/04 3:54 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 24, 2025 to November 30, 2025)

Last week, there were 126 vulnerabilities disclosed in 113 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 60 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS8.7AI score0.43399EPSS
Exploits11
Wordfence Blog
Wordfence Blog
added 2025/11/13 3:35 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge:Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of...

9.8CVSS9.6AI score0.75063EPSS
Exploits9
Wordfence Blog
Wordfence Blog
added 2025/10/23 3:44 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.9CVSS8.3AI score0.00915EPSS
Exploits5
Wordfence Blog
Wordfence Blog
added 2025/09/18 2:42 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8.8AI score0.00746EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2025/09/11 3:34 p.m.20 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8.7AI score0.01158EPSS
Exploits4
Wordfence Blog
Wordfence Blog
added 2025/08/06 5:43 p.m.20 views

How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes

SQL Injection SQLi , a vulnerability almost as old as database-driven web applications themselves CWE-89, persists as a classic example of failing to neutralize user-supplied input before it's used in a SQL query. So why does this well-understood vulnerability type continue to exist? In the...

9.8CVSS9.5AI score0.89431EPSS
Exploits15
Wordfence Blog
Wordfence Blog
added 2025/06/04 5:5 p.m.20 views

9,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP User Frontend Pro WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 24th, 2025, we received a submission for an Arbitrary File Uplo...

8.8CVSS7.8AI score0.00797EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/04/28 4:56 p.m.20 views

Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently discovered an interestin...

7.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/02/12 5:0 p.m.20 views

30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware scan by CleanTalk WordPress Plugin

On December 7th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Security & Malware scan by CleanTalk, a WordPress plugin with more than 30,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a...

9.8CVSS8.3AI score0.01557EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/07/09 4:10 p.m.20 views

7,000 WordPress Sites Affected by Privilege Escalation Vulnerability in ProfileGrid WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

8.8CVSS7.2AI score0.00768EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/05/22 3:0 p.m.20 views

Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1

Most of our customers scan a single site or a small number of sites for PHP malware using the Wordfence Plugin, and they coordinate scanning across multiple sites with Wordfence Central. If you are responsible for securing a large hosting provider network as part of an operations or security team...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/03/20 3:0 p.m.20 views

$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza...

6.8CVSS7.7AI score0.10651EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/01/22 4:17 p.m.20 views

Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...

7.7AI score
Exploits0
Total number of security vulnerabilities522