This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Category: Research
Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin
On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations.
$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$2,063 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
2023’s Critical WordPress Vulnerabilities and How They Work
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Breaking WordPress Security Research in your inbox as it happens.
