Swift Insights
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 11, 2026 to May 17, 2026)
Last week, there were 78 vulnerabilities disclosed in 62 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week....
How a Webmail Log File Became a Root-Level Backdoor
THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel’s SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
Last week, there were 75 vulnerabilities disclosed in 59 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week....
200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin
On May 8, 2026, PRISM, Wordfence Threat Intelligence’s autonomous vulnerability research platform, discovered a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with more than 200,000 active installations. The vulnerability was...
1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)
Last week, there were 87 vulnerabilities disclosed in 198 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 60 Vulnerability Researchers that contributed to WordPress Security last week....
Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin
On April 18th, 2026, we received a submission for an Authenticated Arbitrary File Upload vulnerability in Slider Revolution, a WordPress plugin. Although the plugin has more than 5,000,000 active installations, we estimate that only around 45,000 sites are using a...
Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files,...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026)
Last week, there were 157 vulnerabilities disclosed in 122 WordPress Plugins and 27 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
Last week, there were 139 vulnerabilities disclosed in 116 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 84 Vulnerability Researchers that contributed to WordPress Security last...