📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Tag: Blog – Wordfence
100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin
On July 18th, 2025, we received a submission for an Arbitrary File Upload vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to…
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files…
10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin
On June 24th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in HT Contact Form, a WordPress plugin with more than 10,000 active installations. The arbitrary file upload vulnerability can be used…
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 14, 2025 to July 20, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 7, 2025 to July 13, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 30, 2025 to July 6, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in SureForms WordPress Plugin
On June 21st, 2025, we received a submission for an Arbitrary File Deletion vulnerability in SureForms, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…
Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors
The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence Intelligence suite. This new interface is designed to improve and simplify the vulnerability disclosure process between the Wordfence…
600,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Forminator WordPress Plugin
On June 20th, 2025, we received a submission for an Arbitrary File Deletion vulnerability in Forminator, a WordPress plugin with more than 600,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…