Wordfence Research and News

Blog icon
Category: Research

1,000,000 WordPress Sites Protected Against Unique Remote Code Execution Vulnerability in WPML WordPress Plugin

On June 19th, 2024, we received a submission for a Remote Code Execution via Twig Server-Side Template Injection vulnerability in WPML, a WordPress plugin with more than 1,000,000 active installations.

$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

10,000 WordPress Sites Affected by Arbitrary File Read and Delete Vulnerability in InPost PL and InPost for WooCommerce WordPress Plugins

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?

Over 8,000 Exploit Attempts Already Blocked For Recently Patched Unauthenticated Arbitrary File Upload Vulnerability in 简数采集器 (Keydatas) WordPress Plugin

On June 18th, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Unauthenticated Arbitrary File Upload vulnerability in 简数采集器 (Keydatas), a WordPress plugin with more than 5,000 active installations.
The Aftermath of the WordPress.org Supply Chain Attack: New Malware and Techniques Emerge

The Aftermath of the WordPress.org Supply Chain Attack: New Malware and Techniques Emerge

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin.

10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin

10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin

7,000 WordPress Sites Affected by Privilege Escalation Vulnerability in ProfileGrid WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? 

$3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? 

WordPress Security Research: A Beginner’s Series

Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner’s Series!
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.