Wordfence Research and News

Blog icon

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core

WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes.

$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin

On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin

On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations.

Introducing New Pricing For Wordfence CLI!

We have an exciting announcement today about the Wordfence CLI project.

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

🎉 Did you know we’re running a Bug Bounty Extravaganza again?