Wordfence Research and News

Blog icon

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 1, 2024 to July 7, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 24, 2024 to June 30, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update #1: As of 12:36PM EST, another plugin has been infected.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository.

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team.

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!

Update: As of July 12, 2024, we decided to make the vulnerabilities that were in-scope for the 0-day Threat Hunt indefinitely in-scope of our program.