Category: Blog – Wordfence

On June 13th, 2025, we received a submission for an Arbitrary File Read vulnerability in UiCore Elements, a WordPress plugin with more than 40,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to read arbitrary files on…

Read more →

Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called “The Autonomy Slider” from around a three to a solid eight. What this means is that you…

Read more →

Last week, there were 107 vulnerabilities disclosed in 91 WordPress Plugins and 8 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those…

Read more →

SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it’s used in a SQL query. So why does this well-understood vulnerability type continue…

Read more →

Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called “The Autonomy Slider” from around a three to a solid eight. What this means is that you…

Read more →

From now through September 22, 2025, we’re running our SQLsplorer Challenge, focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…

Read more →

On July 18th, 2025, we received a submission for an Arbitrary File Upload vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to…

Read more →

On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files…

Read more →

On June 24th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in HT Contact Form, a WordPress plugin with more than 10,000 active installations. The arbitrary file upload vulnerability can be used…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…

Read more →

On June 21st, 2025, we received a submission for an Arbitrary File Deletion vulnerability in SureForms, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…

Read more →

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence…

Read more →

On June 20th, 2025, we received a submission for an Arbitrary File Deletion vulnerability in Forminator, a WordPress plugin with more than 600,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…

Read more →

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…

Read more →

The Wordfence Threat Intelligence Team recently identified an interesting malware family on May 16, 2025 during a site clean. This malware family shared a codebase but varied in features across different versions, including credit card skimming and WordPress credential theft.…

Read more →

The Wordfence Threat Intelligence Team recently identified an interesting malware family on May 16, 2025 during a site clean. This malware family shared a codebase but varied in features across different versions, including credit card skimming and WordPress credential theft.…

Read more →

On May 2nd, 2025, we received a submission for a Privilege Escalation vulnerability in Motors, a WordPress theme with more than 22,000 sales. This vulnerability makes it possible for an unauthenticated attacker to change the password of any user, including…

Read more →