Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Tag: Blog – Wordfence
Malware Using Variable Functions and Cookies For Obfuscation
While some malware stands out by making an effort to blend in, obfuscation is generally the go-to way in which attackers attempt to evade detection and hide their scripts. In this case, we are referring to malware using variable functions…
Wordfence Bug Bounty Program Monthly Report – September 2025
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 6, 2025 to October 12, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Quarterly WordPress Threat Intelligence Report – Q3 2025
As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive defense-in-depth for…
4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution WordPress Plugin
On August 11th, 2025, we received a submission for an Arbitrary File Read vulnerability in Slider Revolution, a WordPress plugin that’s estimated to have more than 4,000,000 active installations. This vulnerability makes it possible for an authenticated attacker, with contributor-level…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin
On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers.…
How to Find Local File Inclusion (LFI) Vulnerabilities in WordPress Plugins and Themes
Local File Inclusion (LFI) occurs when user-controlled input is used to build a path to a file that is then included by the application. In WordPress (and PHP web applications in general), this means values from $_GET, $_POST, $_REQUEST, or…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 22, 2025 to September 28, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Wordfence Bug Bounty Program Monthly Report – August 2025
Last month in August 2025, the Wordfence Bug Bounty Program received 438 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
Attackers Actively Exploiting Critical Vulnerability in Case Theme User Plugin
On May 31st, 2025, we received a submission for an Authentication Bypass via Social Login vulnerability in Case Theme User, a WordPress plugin with an estimated 12,000 active installations. The plugin is bundled in multiple premium themes. This vulnerability makes…
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5…
The Price of “Free”: How Nulled Plugins Are Used to Weaken Your Defense
The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with “nulled plugins”, or premium plugins that have been tampered with by third parties. This campaign is particularly concerning because it doesn’t just…
600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin
On August 17th, 2025, we received a submission for an authenticated PHP Object Injection vulnerability in Fluent Forms, a WordPress plugin with more than 600,000 active installations. This vulnerability can be leveraged via an existing POP chain present in the…
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 25, 2025 to August 31, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 18, 2025 to August 24, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin
On June 5th, 2025, we received a submission for a Privilege Escalation vulnerability in Dokan Pro, a WordPress plugin with more than 15,000 sales. This vulnerability makes it possible for an authenticated attacker, with vendor-level permission, to change the password…