Wordfence Research and News

Blog icon
Newest

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000,Β for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and …
Read More

$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?

Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

πŸŽ‰ Did you know we’re running a Bug Bounty Extravaganza again?