On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an...
Feed
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)
Last week, there were 153 vulnerabilities disclosed in 117 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence...
Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin
On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress...
The Increasing Role of AI in Vulnerability Research
At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress related...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)
Last week, there were 54 vulnerabilities disclosed in 49 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability...
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin
50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin
On January 8th, 2026, we received a submission for an Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an...
Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API
In 2022, Wordfence introduced a completely free vulnerability database to support the WordPress security community. We made sure that included...
10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin
On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025)
Last week, there were 224 vulnerabilities disclosed in 205 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence...