Wordfence is a Certified Numbering Authority (CNA), which grants us the ability to assign CVE IDs to WordPress plugin, theme, and core vulnerabilities. Please fill out the following form to request a CVE ID or to submit a vulnerability that will be added to our public database of vulnerabilities. All vulnerabilities reported to us without previous CVE ID assignment will be assigned a CVE ID. The Wordfence Threat Intelligence team will review your submission and report back within 1-3 business days with a CVE ID assignment and a link your published vulnerability, if already patched. We may request additional information.
All CVE IDs assigned by Wordfence are added to our vulnerability database as part of Wordfence Intelligence.
If you would like to encrypt any fields on this form, please use the provided PGP key.
Please review our guide to responsible disclosure.
You have just indicated that you did not report this vulnerability to the vendor or developer of this product. Responsible disclosure is an important step in vulnerability discovery and, as such, we recommend that you initiate the responsible disclosure process for this prior to requesting a CVE ID. It is important that the vendor is made aware of this vulnerability so they can release a patch to protect their customers.
If you have any questions about responsible disclosure, please email us at firstname.lastname@example.org.