50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

20,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP Ultimate CSV Importer WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 17, 2025 to March 23, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 10, 2025 to March 16, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Use Genuine Wordfence and Stay Secure, Stay Supported, and Avoid Malware, Vulnerabilities and Backdoors

Genuine Wordfence is only available on Wordfence.com or from the WordPress Plugin Repository. Given our popularity and excellent reputation, there are unfortunately quite a few nulled or counterfeit versions of Wordfence, and plugins that modify Wordfence in the wild. Some of these counterfeit...

WordPress Security Research Series: WordPress Security Architecture

Welcome to Part 2 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect as well as Part 1, which covers WordPress Request Architecture and Hooks. In WordPress...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Enhancing the Wordfence Bug Bounty Program: New Incentives & a Stronger Focus on High-Impact Research

Last year was a year of growth and refinement for the Wordfence Threat Intelligence team. In December of 2023, we launched our Bug Bounty Program, rewarding security researchers for identifying and reporting in-scope vulnerabilities to further our mission of Securing the Web while contributing to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 17, 2025 to February 23, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

100,000 WordPress Sites Affected by Arbitrary File Upload, Read and Deletion Vulnerability in Everest Forms WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 10, 2025 to February 16 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Creative SVG File Upload to Local File Inclusion Vulnerability Affecting 90,000 Sites Patched in Jupiter X Core WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 3, 2025 to February 9, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware scan by CleanTalk WordPress Plugin

On December 7th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Security & Malware scan by CleanTalk, a WordPress plugin with more than 30,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 27, 2025 to February 2, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 20, 2025 to January 26, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program

Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 6, 2025 to January 12, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 16, 2024 to January 5, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 9, 2024 to December 15, 2024)

Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 2, 2024 to December 8, 2024)

Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

6,000,000 WordPress Sites Protected Against Payment Refund and Subscription Cancellation Vulnerability in WPForms WordPress Plugin

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024)

Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 18, 2024 to November 24, 2024)

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

200,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in Anti-Spam by CleanTalk WordPress Plugin

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024)

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability

Introductory Note: This is one of the more serious vulnerabilities that we have reported on in our 12 year history as a security provider for WordPress. This vulnerability affects Really Simple Security, formerly known as Really Simple SSL , installed on over 4 million websites, and allows an...

Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024 , we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...

WordPress Database Scanning For Malware Released in Wordfence CLI 5.0.1

Today we’re excited to announce the recent release of Wordfence CLI version 5.0.1 which includes a much requested feature from security analysts, hosting providers and ops teams: Database scanning for WordPress. Now you can scan any WordPress database you have access to for malware and...

28,000 WordPress Sites Affected by Arbitrary File Read and Deletion Vulnerability in WPLMS WordPress Theme

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

Wordfence Price Increases Coming December 5th, 2024

We haven't raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress

Today the Wordfence team is proud to announce an exciting new feature: The Wordfence Audit Log, included in the Wordfence 8.0 release. The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

Calling all vulnerability researchers! Get ready to immerse yourselves in the world of WordPress security with the Wordfence Cybersecurity Month Spooktacular Haunt , running from now through November 11th, 2024! What's Happening During This Cybersecurity Month Spooktacular Haunt? In celebration o...

7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearchers...

8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

A (Beta) Audio Roundup of September’s WordPress Vulnerabilities

For those of you that want to stay abreast of the newest vulnerabilities in the WP ecosystem, but like to multitask, here's an audio roundup of the vulnerabilities we published in the month of September. This is something new I'm trying. The conversation is AI generated by Google's NotebookLM...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearchers...

90,000 WordPress Sites Affected by Arbitrary File Upload and Authentication Bypass Vulnerabilities in Jupiter X Core WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...