This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Newest
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a submission for an Arbitrary Options Update …
Read More
$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations.
$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations.
$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Breaking WordPress Security Research in your inbox as it happens.
