Wordfence Research and News

Blog icon

Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

In celebration of Cybersecurity Awareness Month and the ‘Secure Our World‘ theme for this year, we’re brewing up some extra-exciting opportunities to propel our mission to Secure the Web.

7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin

On September 17, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for two critical vulnerabilities in the LatePoint plugin, which is estimated to be actively installed on more than 7,000 WordPress websites.

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors?

8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin

On August 3rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in WP Hotel Booking, a WordPress plugin with more than 8,000 active installations.

A (Beta) Audio Roundup of September’s WordPress Vulnerabilities

For those of you that want to stay abreast of the newest vulnerabilities in the WP ecosystem, but like to multitask, here’s an audio roundup of the vulnerabilities we published in the month of September.

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors?

90,000 WordPress Sites Affected by Arbitrary File Upload and Authentication Bypass Vulnerabilities in Jupiter X Core WordPress Plugin

On August 6th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Jupiter X Core, a WordPress plugin with more than 90,000 active installations.

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin

On August 28th, 2024, we received a submission for a Privilege Escalation via Account Takeover vulnerability in WCFM - WooCommerce Frontend Manager, a WordPress plugin with more than 20,000 active installations.

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors?

GPU Hosting and Open Source AI Will Revolutionize or Kill WordPress

On the eve of WordCamp US 2024 we find ourselves in the midst of a revolution.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.