Wordfence is a Certified Numbering Authority (CNA), which grants us the ability to assign CVE IDs to WordPress plugin, theme, and core vulnerabilities. Please fill out the following form to request a CVE ID or to submit a vulnerability that will be added to our public database of vulnerabilities. All vulnerabilities reported to us without previous CVE ID assignment will be assigned a CVE ID. The Wordfence Threat Intelligence team will review your submission and report back within 1-3 business days with a CVE ID assignment and a link your published vulnerability, if already patched. We may request additional information.
All CVE IDs assigned by Wordfence are added to our vulnerability database as part of Wordfence Intelligence.
A guide to responsible disclosure can be found here. If you have any questions, please send an email to cve-request@wordfence.com.
If you would like to encrypt any fields on this form, please use the provided PGP key.