Vulnerability Submission and CVE Request Form

Wordfence is a Certified Numbering Authority (CNA), which grants us the ability to assign CVE IDs to WordPress plugin, theme, and core vulnerabilities. Please fill out the following form to request a CVE ID or to submit a vulnerability that will be added to our public database of vulnerabilities. All vulnerabilities reported to us without previous CVE ID assignment will be assigned a CVE ID. The Wordfence Threat Intelligence team will review your submission and report back within 1-3 business days with a CVE ID assignment and a link your published vulnerability, if already patched. We may request additional information.

All CVE IDs assigned by Wordfence are added to our vulnerability database as part of Wordfence Intelligence.

A guide to responsible disclosure can be found here. If you have any questions, please send an email to

If you would like to encrypt any fields on this form, please use the provided PGP key.

Contact Information
Vulnerability Details
Affected Software

By submitting this form, you grant Wordfence rights to publish this information.