Category: Blog – Wordfence

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…

Read more →

Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…

Read more →

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…

Read more →

On January 12th, 2026, we received a submission for a Backdoor vulnerability in the LA-Studio Element Kit for Elementor, a WordPress plugin with more than 20,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to create malicious…

Read more →

On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative…

Read more →

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…

Read more →

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…

Read more →

On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset…

Read more →

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…

Read more →

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…

Read more →

Last month in November 2025, the Wordfence Bug Bounty Program received 746 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…

Read more →

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…

Read more →

On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to…

Read more →

On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. The post…

Read more →

On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative…

Read more →

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…

Read more →

Last month in October 2025, the Wordfence Bug Bounty Program received 486 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. The post Wordfence Bug Bounty Program Monthly Report…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 📁 The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are…

Read more →

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 📁 The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are…

Read more →