Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024)
Today, the Wordfence Threat Intelligence team is releasing our 2023 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our Continue reading The Wordfence 2023 State of WordPress Security Report
Today, January 30, 2024, WordPress released version 6.4.3, which contains two security patches for longstanding, albeit minor, security concerns in WordPress Core. The first patch addresses an issue that allows users with Administrator (or Super Administrator on Multisite) privileges to Continue reading The WordPress 6.4.3 Security Update – What You Need to Know
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On December 5th, Continue reading $1,275 Bounty Awarded For Arbitrary File Deletion Vulnerability Patched in MW WP Form WordPress Plugin
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Today was another Continue reading Wordfence Researcher Featured on Critical Thinking Podcast: Sharing Advanced WordPress Bug Bounty Tips and Tricks
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)
On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it Continue reading High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Our last extravaganza, the Holiday Bug Extravaganza, was so successful we decided to do it again Continue reading Our Bug Bounty Program Extravaganza is Back and it’s Longer This Time – Earn up to $10,000 for Vulnerabilities in WordPress Software!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, Continue reading Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 67 vulnerabilities disclosed in 60 WordPress Plugins and no WordPress Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that Continue reading Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 85 vulnerabilities disclosed in 74 WordPress Plugins and 2 WordPress Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2023 to January 7, 2023)
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated Continue reading Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)
After an incredibly successful few weeks, the Wordfence Holiday Bug Extravaganza came to a close yesterday. We’d like to sincerely thank everyone who spent time researching, finding, and submitting vulnerabilities. Your efforts have helped to make the WordPress community and Continue reading The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, Continue reading Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were 109 vulnerabilities disclosed in Continue reading Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject Continue reading Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register Continue reading Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin