Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are…
Tag: Blog – Wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 27, 2025 to November 2, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in AI Engine WordPress Plugin
On October 4th, 2025, we received a submission for a Sensitive Information Exposure vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations.
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations.
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 20, 2025 to October 26, 2025)
Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin
On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to…
Rogue WordPress Plugin Conceals Multi-Tiered Credit Card Skimmers in Fake PNG Files
The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious payloads, a robust persistence…
100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin
On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations.
Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities
On September 25th, 2024, and on October 3rd, 2024, we received submissions through our Bug Bounty Program for Arbitrary Plugin Installation vulnerabilities in the GutenKit and Hunk Companion WordPress plugins, which have over 40,000 and 8,000 active installations, respectively. The…
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025)
Malware Using Variable Functions and Cookies For Obfuscation
While some malware stands out by making an effort to blend in, obfuscation is generally the go-to way in which attackers attempt to evade detection and hide their scripts. In this case, we are referring to malware using variable functions…
Wordfence Bug Bounty Program Monthly Report – September 2025
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 6, 2025 to October 12, 2025)
Quarterly WordPress Threat Intelligence Report – Q3 2025
As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive defense-in-depth for…
4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution WordPress Plugin
On August 11th, 2025, we received a submission for an Arbitrary File Read vulnerability in Slider Revolution, a WordPress plugin that’s estimated to have more than 4,000,000 active installations. This vulnerability makes it possible for an authenticated attacker, with contributor-level…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025)
Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin
On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers.…
How to Find Local File Inclusion (LFI) Vulnerabilities in WordPress Plugins and Themes
Local File Inclusion (LFI) occurs when user-controlled input is used to build a path to a file that is then included by the application. In WordPress (and PHP web applications in general), this means values from $_GET, $_POST, $_REQUEST, or…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 22, 2025 to September 28, 2025)
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)