Last week, there were 179 vulnerabilities disclosed in 163 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence...
Feed
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 24, 2025 to November 30, 2025)
Last week, there were 74 vulnerabilities disclosed in 67 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence...
Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin
On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated...
100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a...
Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin
On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)
Last week, there were 140 vulnerabilities disclosed in 129 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence...
The Price of ‘Free’: How Nulled Plugins Are Used to Weaken Your Defense
The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with “nulled plugins”, or...
Pushing Boundaries With Claude Code
Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called “The...
WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program
From now through September 22, 2025, we’re running our SQLsplorer Challenge, focused on SQL Injection vulnerabilities. During this challenge, we’re...
Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors
The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal, the latest addition to the Wordfence...