Wordfence is excited to announce our new Refer-A-Researcher Program! Refer new researchers to our Bug Bounty Program and earn up to 20% commissions on their first 5 valid
vulnerability submissions. Apply today and start earning.

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. Last …Read More

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. Special …Read More

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL …Read More

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL …Read More

On October 23th, 2024, we received a submission for a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability in WPForms, a WordPress plugin with more than 6,000,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level access and above, to refund Stripe payments and cancel Stripe subscriptions.

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL …Read More

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers All plugins and themes with 50-999 active installs hosted in …Read More

200,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in Anti-Spam by CleanTalk WordPress Plugin

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers All plugins and themes with 50-999 active installs hosted in …Read More

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers All plugins and themes with 50-999 active installs hosted in …Read More

On November 6th, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in the Really Simple Security plugin, and in the Really Simple Security Pro and Pro Multisite plugins, which are actively installed on more than 4,000,000 WordPress websites. The vulnerability makes it possible for an attacker to gain access to any account on the site, including the administrator account, when the two-factor authentication feature is enabled.

The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024, we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security researchers and help clean up …Read More

Today we’re excited to announce the recent release of Wordfence CLI version 5.0.1 Now you can scan any WordPress database you have access to for malware and spamvertising with the new db-scan feature. If you are managing many WordPress sites at the server level, the Wordfence CLI is a must-have.

On October 19th, 2024, we received a submission for an Arbitrary File Read and Deletion vulnerability in WPLMS, a WordPress premium theme with more than 28,000 sales. This vulnerability makes it possible for unauthenticated threat actors to read and delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

We haven’t raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we …Read More

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers Top-tier researchers earn automatic bonuses of between 10% to 120% …Read More

The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from tampering, and to store them for your analysis.

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers Top-tier researchers earn automatic bonuses of between 10% to 120% …Read More

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers Top-tier researchers earn automatic bonuses of between 10% to 120% …Read More

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers Top-tier researchers earn automatic bonuses of between 10% to 120% …Read More

In celebration of Cybersecurity Awareness Month and the ‘Secure Our World‘ theme for this year, we’re brewing up some extra-exciting opportunities to propel our mission to Secure the Web. The Cybersecurity Month Spooktacular Haunt gives researchers the chance to earn spooktacularly good rewards while fortifying the WordPress ecosystems’s defenses against vulnerabilities.

On September 17, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for two critical vulnerabilities in the LatePoint plugin, which is estimated to be actively installed on more than 7,000 WordPress websites.

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers can earn up to $31,200, for …Read More

On August 3rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in WP Hotel Booking, a WordPress plugin with more than 8,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover.

For those of you that want to stay abreast of the newest vulnerabilities in the WP ecosystem, but like to multitask, here’s an audio roundup of the vulnerabilities we published in the month of September. This is something new I’m trying. The conversation is AI generated by Google’s NotebookLM podcast generation feature which I find …Read More

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers can earn up to $31,200, for …Read More

On August 6th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Jupiter X Core, a WordPress plugin with more than 90,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover.

On August 28th, 2024, we received a submission for a Privilege Escalation via Account Takeover vulnerability in WCFM – WooCommerce Frontend Manager, a WordPress plugin with more than 20,000 active installations. This vulnerability makes it possible for an authenticated attacker to change the email of any user, including an administrator, which allows them to reset the password and take over the account and website

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers can earn up to $31,200, for …Read More