📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Tag: Blog – Wordfence
100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin
On May 21st, 2025, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Insufficient Authorization to Privilege Escalation via MCP (Model Context Protocol) vulnerability in the AI Engine plugin, which is actively installed on more…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 2, 2025 to June 8, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme
On May 4th, 2025, we received a submission for a Privilege Escalation vulnerability in RealHomes, a WordPress theme with more than 33,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to grant themselves administrative…
33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme
On May 4th, 2025, we received a submission for a Privilege Escalation vulnerability in RealHomes, a WordPress theme with more than 33,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to grant themselves administrative…
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 26, 2025 to June 1, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities
The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin containing a comment header, a handful of functions as well as a simple admin interface. Just like previous…
9,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP User Frontend Pro WordPress Plugin
On March 24th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in WP User Frontend Pro, a WordPress plugin with an estimated 9,000 active installations. The arbitrary file upload vulnerability can be…
Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities
The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin containing a comment header, a handful of functions as well as a simple admin interface. Just like previous…
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 19, 2025 to May 25, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …