Lucene search
K
WordfenceMost viewed

522 matches found

Wordfence Blog
Wordfence Blog
added 2023/06/21 5:15 p.m.17 views

Wordfence 7.10.0 Released!

Wordfence remains the number one security plugin of choice for website owners serious about protecting their investment and their customers. Our Threat Intelligence team and engineering team stay abreast of the newest threats and ensure that Wordfence is able to protect against them. But keeping ...

6.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/05/24 7:59 p.m.17 views

Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign

The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers...

5.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/03/01 11:21 p.m.17 views

Ukraine Universities Hacked As Russian Invasion Started

Note: This article has been updated to reflect that the hosting provider "Njalla", which routed the malicious traffic involved in this attack, is based in Sweden, not in Finland, although IP geolocation data indicates that the specific server that the traffic transited may be based in Finland. We...

0.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/02/01 7:37 p.m.17 views

Announcing Wordfence Care and Wordfence Response

Today Im incredibly excited to announce that we are launching two new products: Wordfence Care and Wordfence Response. Lets start with a fun animation that explains our new product suite! In the post below, Ill describe in detail the two incredible new products we are launching and why they are...

6.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/10/12 1:0 p.m.17 views

Wordfence Helps Enable Education in Uganda

I want to share something very exciting and truly wonderful with you all today. Wordfence just completed a project where we partnered with Far Away Friends, a Denver-based non-profit working in partnership with local leaders in Uganda, to bring light and electricity to a school campus in a remote...

6.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/05/28 5:14 p.m.16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 18, 2026 to May 24, 2026)

Last week, there were 101 vulnerabilities disclosed in 88 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

6.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/05/13 4:56 p.m.16 views

200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin

On May 8, 2026, PRISM, Wordfence Threat Intelligence’s autonomous vulnerability research platform, discovered a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with more than 200,000 active installations. The vulnerability was introduced in the code on April 2...

9.8CVSS6.1AI score0.14608EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2026/01/15 4:14 p.m.16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 5, 2026 to January 11, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.8CVSS7AI score0.01709EPSS
Exploits7
Wordfence Blog
Wordfence Blog
added 2025/11/04 6:13 p.m.16 views

100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in AI Engine WordPress Plugin

On October 4th, 2025, we received a submission for a Sensitive Information Exposure vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be exploited by unauthenticated attackers to extract the bearer token and then get full access to...

9.8CVSS7.7AI score0.75063EPSS
Exploits5
Wordfence Blog
Wordfence Blog
added 2025/10/09 2:29 p.m.16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8.5AI score0.02196EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2025/10/07 4:22 p.m.16 views

Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

9.8CVSS7.5AI score0.04469EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2025/10/02 2:22 p.m.16 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 22, 2025 to September 28, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

9.8CVSS8AI score0.1107EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2025/05/14 7:29 p.m.16 views

10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 29th, 2025, we received a submission for a Remote Code Executio...

8.8CVSS8.8AI score0.00881EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/04/29 4:26 p.m.16 views

Wordfence: The World’s Leading Quality WordPress Vulnerability Intelligence Provider

On April 8th, 2024, we released our 2024 Annual WordPress Security Report, highlighting key trends and insights across the evolving landscape of WordPress security. Today, we want to shine a spotlight on Wordfence’s contributions through our Bug Bounty Program, and reaffirm our commitment to...

8.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/03/03 6:37 p.m.16 views

We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs

48 hours ago we deployed our commercial real-time threat intelligence automatically, and for free, to all Ukrainian websites with the .UA top-level domain. That has made over 8,000 sites in Ukraine using the free version of Wordfence significantly more secure. At noon-UTC on March 2nd, those site...

2.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/11/02 2:4 p.m.16 views

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools GDPR, a...

6.4CVSS8.8AI score0.0393EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/01/23 3:29 p.m.15 views

Wordfence Bug Bounty Program Monthly Report – December 2025

Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/07/30 4:14 p.m.15 views

100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

8.8CVSS8.2AI score0.01057EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2025/07/25 2:1 p.m.15 views

10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8CVSS8.3AI score0.0161EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2025/03/12 7:50 p.m.15 views

Use Genuine Wordfence and Stay Secure, Stay Supported, and Avoid Malware, Vulnerabilities and Backdoors

Genuine Wordfence is only available on Wordfence.com or from the WordPress Plugin Repository. Given our popularity and excellent reputation, there are unfortunately quite a few nulled or counterfeit versions of Wordfence, and plugins that modify Wordfence in the wild. Some of these counterfeit...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/01/31 4:36 p.m.15 views

The Wordfence 2023 State of WordPress Security Report

Today, the Wordfence Threat Intelligence team is releasing our 2023 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/09/13 3:15 p.m.15 views

Malware Scanning: An Essential Layer of Website Security

Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift in emphasis towards prevention,...

7.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/06/29 6:3 p.m.15 views

Securing Port 443: The Gateway To A New Universe

At Wordfence our business is to secure over 4 million WordPress websites and keep them secure. My background is in network operations, and then I transitioned into software development because my ops role was at a scale where I found myself writing a lot of code. This led me to founding startups,...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/06/01 2:51 p.m.15 views

The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner

One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability. The Confidentiality pillar is intended to prevent...

0.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/12/01 2:55 p.m.15 views

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation...

3.5CVSS6.1AI score0.00531EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/07/02 7:13 p.m.15 views

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million...

7.9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/02/05 4:20 p.m.14 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 26, 2026 to February 1, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.8CVSS6.5AI score0.12024EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2026/01/19 9:23 p.m.14 views

100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...

9.8CVSS5.7AI score0.00982EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/12/02 7:47 p.m.14 views

100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to dudekmar who...

9.8CVSS9AI score0.73557EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2025/09/15 4:26 p.m.14 views

Attackers Actively Exploiting Critical Vulnerability in Case Theme User Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

9.8CVSS7.8AI score0.00714EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/09/08 3:38 p.m.14 views

600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 💉 Participate in theSQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND...

6.5CVSS8.1AI score0.0053EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/07/08 4:0 p.m.14 views

Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence team and...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/04/08 5:54 p.m.14 views

2024 Annual WordPress Security Report by Wordfence

The 2024 WordPress security landscape saw significant changes, with new Bug Bounty Programs such as Wordfence’s creating opportunities for numerous researchers to earn a sustainable income by examining WordPress software. Despite another record year for disclosed vulnerabilities in 2025, the risi...

9AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/03/10 4:8 p.m.14 views

WordPress Security Research Series: WordPress Security Architecture

Welcome to Part 2 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect as well as Part 1, which covers WordPress Request Architecture and Hooks. In WordPress...

7.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/11/12 9:50 p.m.14 views

WordPress Database Scanning For Malware Released in Wordfence CLI 5.0.1

Today we’re excited to announce the recent release of Wordfence CLI version 5.0.1 which includes a much requested feature from security analysts, hosting providers and ops teams: Database scanning for WordPress. Now you can scan any WordPress database you have access to for malware and...

7.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/08/15 1:3 p.m.14 views

Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge!

Today, we’re incredibly excited to launch a new challenge for the Wordfence Bug Bounty Program: the WordPress Superhero Challenge! Through October 14th, we’re introducing a new active installation count range for our bounties for plugins and themes with 5,000,000+ active installations and we are...

8.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/07/01 4:20 p.m.14 views

WordPress Security Research: A Beginner’s Series

Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginners Series! With the success of the Wordfence Bug Bounty Program, we wanted to provide emerging vulnerability researchers, and experienced Bug Bounty Hunters, with a...

7.7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/06/28 3:10 p.m.15 views

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update 1: As of 12:36PM EST, another plugin has been infected. Weve updated the list below to include this fourth plugin and the plugins team has been notified. Update 2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...

7.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/04/07 5:59 p.m.14 views

Friday Long Read: What To Do About AI

This is a Friday long-read, so grab a warm cup of something and kick back because were going to take our time on this. The world is about to profoundly change. I know youre nervous - perhaps excited and optimistic, but if youve been paying attention and have been watching the trajectory of this...

6.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/12/14 7:4 p.m.14 views

Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal

Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community. This is part o...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/10/27 8:38 p.m.14 views

Wordfence Premium Price Increase Coming in December – The First Since 2016

It has been over 6 years since we last raised our prices. Since then our team has more than doubled in size and we have introduced significant improvements to the core Wordfence product, launched a range of free and paid products, and introduced new services that include 24 hour incident response...

0.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/07/02 6:34 p.m.13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026)

Last week, there were 201 vulnerabilities disclosed in 171 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 112 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/06/10 4:53 p.m.13 views

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that...

8.1CVSS7.8AI score0.03578EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2026/05/28 7:19 p.m.13 views

15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin

On March 24th, 2026, we received a submission for an Unauthenticated Administrator Account Creation vulnerability in WP Maps Pro, a WordPress plugin with more than 15,000 sales. This vulnerability makes it possible for unauthenticated attackers to create new administrator accounts on the affected...

9.8CVSS6AI score0.09461EPSS
Exploits7
Wordfence Blog
Wordfence Blog
added 2026/04/09 6:12 p.m.13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/03/12 7:0 p.m.13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 2, 2026 to March 8, 2026)

Last week, there were 199 vulnerabilities disclosed in 84 WordPress Plugins and 107 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

9.9CVSS7.5AI score0.25532EPSS
Exploits7
Wordfence Blog
Wordfence Blog
added 2026/02/02 3:30 p.m.13 views

Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API

Update: Thanks to all of our readers who pointed out the incorrect year. The correct date is March 9th,2026 and we have updated this post to reflect that. We apologize for the oversight on our part in providing the wrong year in the post and email. This does not affect any Wordfence Free, Premium...

5.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2026/01/21 6:12 p.m.13 views

20,000 WordPress Sites Affected by Backdoor Vulnerability in LA-Studio Element Kit for Elementor WordPress Plugin

On January 12th, 2026, we received a submission for a Backdoor vulnerability in the LA-Studio Element Kit for Elementor, a WordPress plugin with more than 20,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to create malicious administrator users...

9.8CVSS5.6AI score0.01078EPSS
Exploits5
Wordfence Blog
Wordfence Blog
added 2025/06/02 4:20 p.m.13 views

Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently discovered an interestin...

8.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/01/15 1:6 p.m.13 views

Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript tha...

6.4AI score
Exploits0
Total number of security vulnerabilities522