Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called “The Autonomy Slider” from around a three to a solid eight. What this means is that you…
Category: Blog – Wordfence
WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program
From now through September 22, 2025, weβre running our SQLsplorer Challenge, focused on SQL Injection vulnerabilities. During this challenge, weβre expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation…
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 21, 2025 to July 27, 2025)
π’ Calling all Vulnerability Researchers and Bug Bounty Hunters! π’ π Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin
On July 18th, 2025, we received a submission for an Arbitrary File Upload vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to…
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files…
10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin
On June 24th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in HT Contact Form, a WordPress plugin with more than 10,000 active installations. The arbitrary file upload vulnerability can be used…
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 14, 2025 to July 20, 2025)
π’ Calling all Vulnerability Researchers and Bug Bounty Hunters! π’ π Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 7, 2025 to July 13, 2025)
π’ Calling all Vulnerability Researchers and Bug Bounty Hunters! π’ π Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 30, 2025 to July 6, 2025)
π’ Calling all Vulnerability Researchers and Bug Bounty Hunters! π’ π Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in SureForms WordPress Plugin
On June 21st, 2025, we received a submission for an Arbitrary File Deletion vulnerability in SureForms, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…
Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors
The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence…
600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Forminator WordPress Plugin
On June 20th, 2025, we received a submission for an Arbitrary File Deletion vulnerability in Forminator, a WordPress plugin with more than 600,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 16, 2025 to June 22, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
A Deep Dive into a Modular Malware Family
The Wordfence Threat Intelligence Team recently identified an interesting malware family on May 16, 2025 during a site clean. This malware family shared a codebase but varied in features across different versions, including credit card skimming and WordPress credential theft.…
A Deep Dive into a Modular Malware Family
The Wordfence Threat Intelligence Team recently identified an interesting malware family on May 16, 2025 during a site clean. This malware family shared a codebase but varied in features across different versions, including credit card skimming and WordPress credential theft.…
Attackers Actively Exploiting Critical Vulnerability in Motors Theme
On May 2nd, 2025, we received a submission for a Privilege Escalation vulnerability in Motors, a WordPress theme with more than 22,000 sales. This vulnerability makes it possible for an unauthenticated attacker to change the password of any user, including…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 9, 2025 to June 15, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢Β 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin
On May 21st, 2025, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Insufficient Authorization to Privilege Escalation via MCP (Model Context Protocol) vulnerability in the AI Engine plugin, which is actively installed on more…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 2, 2025 to June 8, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢Β 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme
On May 4th, 2025, we received a submission for a Privilege Escalation vulnerability in RealHomes, a WordPress theme with more than 33,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to grant themselves administrative…