This site uses cookies in accordance with our Privacy Policy.
Wordfence Intelligence is an industry-leading WordPress vulnerability database and evolving Threat Intelligence platform that contains over 12,000 records for vulnerabilities in WordPress plugins, themes, and core. The database is actively maintained by a team of highly credentialed and industry-leading vulnerability researchers and analysts with dozens of vulnerabilities added per week.
Wordfence Intelligence provides access to more than just an industry leading public interface for WordPress vulnerabilities. It also provides access to:
All completely FREE for both commercial and personal use.
Our mission with Wordfence Intelligence is to ensure that high-quality robust vulnerability information remains easily accessible and free for everyone, including enterprises.
Vulnerabilities in open-source software, such as WordPress, are discovered by a community of researchers dedicating hours to testing and reviewing code. Though our own analysts spend numerous hours maintaining the database and ensuring its accuracy, independent researchers discover the vast majority of vulnerabilities in the WordPress ecosystem. We believe it is wrong to paywall this information and make a profit off of these researchers dedicating their time and energy to making the WordPress ecosystem more secure, especially when they do so for free to give back to the community. Their work should be open and freely shared with the individuals and organizations that need this data to remain secure.
That is why we opt to make our vulnerability information free through all of our delivery methods, and reward researchers through our Bug Bounty Program. It is also why we have the best WordPress vulnerability database on the market despite not charging for any form of access to the data within it.
Staying on top of the latest vulnerabilities is critical for ensuring the security of WordPress sites. While adequate security controls and our industry-leading web application firewall provide crucial protection for WordPress sites, it's still important to know when software on a site includes a known vulnerability so that plugin or theme can be updated or removed immediately. No security solution is perfect, so maintaining layers of security is critical. Site owners, enterprises, and organizations can set up Slack or Discord webhook integration to be notified of the latest vulnerabilities in a central location, and can also use our HTTP webhook integration to build a custom application to serve their customers and ensure they’re notified of vulnerabilities as soon as they are disclosed. No other WordPress vulnerability database on the market offers free access to webhook integrations.
Learn how to get started with webhooks here.
Access to high quality information about vulnerabilities in WordPress products has never been easier, or more cost-effective. Wordfence Intelligence provides access to two vulnerability data feeds formatted in JSON containing all relevant vulnerability data, including affected software name and slug, a concise title and description, affected version and patched version, CVSS Score, CWE ID, and recommended remediation. This information can easily be integrated into a variety of applications to better serve the security needs of site owners, organizations, and enterprises. We've seen hosting providers implement our data to run vulnerability scans for their customers, and we've seen independent researchers and site owners build integrations for tools like WP CLI and Nuclei.
No other WordPress vulnerability database on the market provides free access to their complete database of vulnerability information maintained by industry-leading security professionals, nor is there any other database that has the quality of information we do.
Review the documentation to get started using the vulnerability database API today.
Wordfence Intelligence has been designed by Security Researchers with Security Researchers in mind. Our bug bounty program is designed to reward researchers contributing valuable time to the security of WordPress by spending countless hours finding vulnerabilities and ensuring they get patched. In our program, vulnerabilities that take more time to find, are less common, or are highly impactful get rewarded the most, while those that are easy to find, more common, or are generally less impactful get rewarded the least. We've also made it easy for researchers to register profiles to showcase their work and achievements, all in a central location.
Learn more about the Bug Bounty Program and get started as a researcher here.
Wordfence Intelligence isn't just a high quality vulnerability database. On the dashboard, you can find statistics such as how many attacks we've blocked in the past 24 hours, 7 days, and 30 days, how many IPs are on our IP Threat Feed, the top 10 attacking IPs within a 24 hour period, the top 10 targeted WordPress vulnerabilities, and more. In addition, any vulnerabilities that warrant the release of it's own firewall rule display individual attack statistics below the vulnerability description so users can view attack volume if these vulnerabilities are being actively exploited.
One major benefit of the Wordfence Intelligence platform is the ability to conduct robust searches across our database of vulnerabilities. We are not aware of any competitors with a comparable vulnerability search engine. With our database it is possible to search by researcher, vulnerability type, vulnerability severity, title, date range, and more, making security research, journalism, and due diligence a breeze for anyone using the Wordfence Intelligence search engine.
Our vulnerability database isn't managed by a single person, or a bunch of interns. It's run and managed by some of the top WordPress vulnerability researchers in the industry. This means that all of the vulnerability data you see is reviewed and analyzed by industry professionals with numerous security certifications including CISSP, OSCP, OSWE, Security+, GWAPT, and more. You don’t need to worry about verifying whether a vulnerability is valid, or be concerned about whether the severity of the vulnerability is accurate. You can be assured that we put forth the best, most accurate information available to help site owners and organizations.
Wordfence Intelligence has integrated its datasets into the Wordfence CLI scanner so users have easy access to scan sites and networks for known vulnerabilities in WordPress plugins, themes, and core. This is completely free to use for commercial purposes, so hosting providers and enterprises can integrate this data as they see fit to conduct vulnerability scanning in a highly scalable and performant way for their clients.
You can learn more about Wordfence CLI and potential use cases here.
If you're looking to easily search the most comprehensive WordPress vulnerability database when conducting plugin or theme vulnerability research, or you're interested in checking out the latest attack data and trends then we recommend getting familiar with the Wordfence Intelligence public interface.
If you'd like to earn rewards for your security contributions to WordPress, or have a public profile showcasing all of your contributions and milestones, you can learn more about the Wordfence Intelligence Bug Bounty Program by clicking "Learn More," and register as a researcher today.
If you'd like to receive real-time updates on vulnerabilities added/modified/deleted to the Wordfence Intelligence WordPress Vulnerability Database, then our HTTP and Slack/Discord Webhook Integrations are a perfect fit for you. You can get started with webhooks by creating an account on wordfence.com then navigating to
If you need access to a comprehensive and complete database dump of the thousands of known vulnerabilities affecting WordPress plugins, themes, and core, formatted in JSON, to integrate into a product, service, or custom integration then you can familiarize yourself with the Wordfence Intelligence Vulnerability Data API Endpoints.
If you'd like to conduct server-level vulnerability scanning without building a custom service or integration, then get started with Wordfence CLI, a robust security scanner built to detect WordPress-based vulnerabilities and PHP/other malware in a highly performant and scalable way, today.