Wordfence Vulnerability Submission Form

Thanks for choosing to submit a vulnerability to the Wordfence Intelligence Vulnerability Database! Wordfence is a Certified Numbering Authority (CNA), which grants us the ability to assign CVE IDs to WordPress plugin, theme, and core vulnerabilities. Please fill out the following form to request a CVE ID or to submit a vulnerability that will be added to our public database of vulnerabilities. All vulnerabilities reported to us without a CVE ID assignment will be assigned a CVE ID. Please make sure to fill out the form with as much detail as possible to help speed up the triage process.

As a reminder, you are not currently signed in, which means you are ineligible to participate in the bug bounty program upon submission of the vulnerability form. If you'd like your vulnerability report to be submitted with participation in the bug bounty program, and the vulnerability automatically associated with your researcher profile, please make sure to sign in or complete your registration today!

Contact Details
*
*
Software Details
Type of Software *
Software Name *
Software Slug *
If you're unsure of what to enter here, please use <= and provide the latest version of the software in which the vulnerability was confirmed to be present.
Vulnerability Details
Describe the vulnerability you have discovered, concisely and accurately.
Select the most appropriate CWE for this vulnerability. You can search by name or by CWE number if needed.
Add any researchers (other than yourself) that contributed to this discovery.
Proof of Concept
Other Details
Have you requested a CVE from another CNA for this vulnerability? *
Have you reported this to another vendor, other than the software vendor? *

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation